NCUA has issued a risk alert (22-RISK-01) on the increased risk of social engineering and phishing attacks that accompany the conflict in Ukraine. According to the NCUA, potential cyberattacks in the United States raise concerns, particularly against the financial sector.
“All credit unions and suppliers, regardless of size, are potential targets for cyberattacks, such as social engineering and phishing attacks, and should remain vigilant,” the alert reads, adding that credit unions must report any cyber incidents to the NCUA, the local FBI office or the Internet Crime Complaint Centerand the Cybersecurity and Infrastructure Security Agency.
Phishing is a technique that uses malicious emails or websites to solicit personal information or trick victims into downloading malware by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses text messaging apps to trick victims into clicking on malicious links.
NCUA recently created the Automated Cyber Security Assessment Toolkit (ACET) that federally insured credit unions should use when assessing their level of cybersecurity readiness. ACET is a downloadable, self-contained application developed to be a global cybersecurity resource for credit unions.