NCUA Risk Alert on Business Email Compromise through Exploitation of Cloud-Based Email Services

The National Credit Union Administration (NCUA) released Risk Alert 21-RISK-01 to provide credit unions with information related to cybercriminals who are targeting organizations that use popular cloud-based email services. The cybercriminals are exploiting these services to conduct Business Email Compromise (BEC) scams. Credit unions can take steps to prevent this type of fraud and should report any incidents of fraud immediately to the FBI’s Internet Crime Complaint Center and local FBI field office. Reporting incidents to the Internet Crime Complaint Center within 24 hours increases the chances of recovery for funds wired under fraudulent pretenses.

The Risk Alert provides steps that credit unions can take to prevent BEC fraud, which include:

  • Enable multi-factor authentication for all email accounts
  • Disable basic or legacy account authentication that does not support multi-factor authentication
  • Use caution when posting information on social media and company websites, especially job duties and descriptions, hierarchal information, and out-of-office details
  • Verify all payment changes and transactions in person or via a known telephone number
  • Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises
  • Prohibit automatic forwarding of business email to external addresses
  • Add an email banner to messages coming from outside your organization
  • Prohibit legacy or unsupported email protocols, such as POP, IMAP, and SMTP, that can be used to circumvent multi-factor authentication
  • Ensure changes to mailbox login and settings are logged and retained for at least 90 days
  • Enable alerts for suspicious activity, such as foreign logins
  • Enable security features that block malicious email, such as anti-phishing and anti-spoofing policies
  • Implement email authentication technologies such as Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to prevent spoofing and validate incoming email
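
For the DMARC item above, the published record only blocks spoofed mail when its policy is actually enforcing. The following is an added example, not part of the NCUA alert: a small checker for a DMARC TXT record using the RFC 7489 tag syntax. The sample records and the example.org address are constructed placeholders.

```python
# Added example: evaluates a DMARC TXT record (RFC 7489 tag=value syntax).
# Sample records are constructed; example.org is a placeholder domain.

POLICY_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return a dict of DMARC tags, or None if the record is not valid DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.setdefault(name.strip().lower(), value.strip())
    # RFC 7489: v=DMARC1 must be the first tag in the record
    first = parts[0].partition("=")[0].strip().lower() if parts else ""
    if first != "v" or tags.get("v") != "DMARC1":
        return None
    return tags

def dmarc_findings(txt):
    """List the reasons a record falls short of blocking spoofed mail."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["not a valid DMARC record"]
    policy = tags.get("p", "").lower()
    if policy not in POLICY_STRENGTH:
        return ["missing or unknown p= policy"]
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    # sp= defaults to the value of p= when absent
    sub = tags.get("sp", policy).lower()
    if POLICY_STRENGTH.get(sub, 0) < POLICY_STRENGTH[policy]:
        findings.append("sp= is weaker than p=; subdomains can be spoofed")
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) < 100:
        findings.append("pct below 100; policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address; aggregate reports are not collected")
    return findings

if __name__ == "__main__":
    for record in (
        "v=DMARC1; p=none",  # constructed weak record
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.org",
    ):
        print(record, "->", dmarc_findings(record) or "enforcing")
```
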

In addition, the Risk Alert provides tips for preventing wire transfer fraud and information on reporting and recovering funds from BEC fraud.

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Question of the Week

Q. Under the SAFE Act, how often do MLOs need to renew their registration?

A. The SAFE Act requires MLOs to renew their registration annually (unless they registered on or after July 1st of the current year). The renewal period is open Nov. 1-Dec. 31 of the current year. If an MLO is required to register and does not do so within this time frame, the MLO will be placed in an “inactive” registration status on the NMLS.

The NMLS created a resource page dedicated to renewal and reactivation information. The resource includes a handbook and FAQs regarding the renewal process.

Related Links

NMLS Resource Page


Compliance Alerts

Financial Crimes Enforcement Network (FinCEN)

Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021: FinCEN issued a report which looks at pattern and trend information pertaining to ransomware, in line with FinCEN’s issuance of government-wide priorities for anti-money laundering and countering the financing of terrorism policy.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of October 8, 2021. The last update prior to this was September 29, 2021.
