To illustrate just how creative phishing campaigns have become, on January 30, 2019, it was reported by multiple credit unions that Bank Secrecy Act officers at credit unions around the country received emails that appeared to be from Bank Secrecy Officers at other credit unions. The emails were addressed to the actual Bank Secrecy officers of the credit union (the Patriot Act requires each credit union to designate two such officers) and stated that a suspicious transfer from one of its customers was on hold for suspected money laundering. The email included an attached pdf document which provided detailed information about the suspicious transaction, and urged the Officer to open the pdf. When the pdf was opened, it contained a link to the malicious site.
Please see full publication below for more information.