Thursday, August 27, 2009
Credit Unions Beware! NCUA Issues Urgent Security Alert

On Tuesday, the National Credit Union Administration (NCUA) issued a Fraud Alert indicating that fraudulent letters were being circulated to credit unions along with two compact discs labeled as training materials which the letter instructs recipients to review.

The release goes on to warn:

“DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES.”

And further instructs that “Should you receive this package or a similar package DO NOT run the CDs. You should contact your NCUA Regional Office or the NCUA Fraud Hotline at 1-800-827-9650.”

You can view the original alert here and view the bogus letter here.

-- Mike

 | 
Thursday, August 27, 2009 5:50:00 PM (Eastern Standard Time, UTC-05:00)  #    Disclaimer    Comments [1]   
Friday, August 28, 2009 8:44:28 AM (Eastern Standard Time, UTC-05:00)
Post Follow Up:

According to several posts today including one on the blog <a href="http://threatpost.com/blogs/attackers-sending-malware-infected-cds-credit-unions-127" target="_blank">Digital Underground</a>, the alert I posted appears to have part of a well-crafted, but authorized penetration test.

Kudos to the folks who authorized and performed the test. It seems that people are being very smart these days and the fact that it made to the level of an official alert from NCUA says a lot about how seriously our financial industries take such events.

Special thanks to Ben Higgins here at Dovetail, who's been keeping very close eyes on this and many other industry alerts.

-- Mike
Michael Villa | mvillaAT NOSPAMdovetailinternet dot com
Comments are closed.