Agency alerts credit unions of phishing, ‘smishing’ threats related to Ukraine war

Social engineering and phishing attacks are among the cyberattacks that credit unions should be wary of, particularly as the war in Ukraine continues, the institutions’ federal regulator said Thursday.

In a risk alert, the National Credit Union Administration (NCUA) said credit union employees and members – as well as vendors serving credit unions – should be educated on how to avoid the threats.

The alert defines phishing and other malicious attempts to gather personal information about individuals through either emails or websites. The alert also defines “smishing,” another malicious technique that uses text messaging applications (such as SMS) to entice victims to click on malicious links to achieve similar goals to email phishing.

The alert also outlines common indicators of phishing attacks, and how to avoid becoming a victim.

“The NCUA encourages credit unions to review the Cybersecurity and Infrastructure Security Agency’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies,” the agency said.

The alert also reminds that NCUA recently created the Automated Cybersecurity Evaluation Toolbox (ACET) for credit unions to use when evaluating their levels of cybersecurity preparedness. The agency noted that ACET is a downloadable, stand-alone app developed to be a cybersecurity resource for credit unions.

Heightened Risk of Social Engineering and Phishing Attacks