NASCUS Summary on Recent NCUA Risk Alert – Heightened Risk of Social Engineering and Phishing Attacks

The on-going conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant. Credit unions should report any cyber incidents to the NCUA, your local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency (CISA).

Phishing is a technique that uses email or malicious websites to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses SMS or other text messaging applications to get victims to click on malicious links to achieve similar goals to email phishing. NCUA’s Risk Alert outlines common indicators to watch out for along with tips to avoid being a victim of phishing.

The NCUA encourages credit unions to review CISA’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies. The NCUA recently created the Automated Cybersecurity Evaluation Toolbox or ACET, a free tool for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. The ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for credit unions.

Additional cybersecurity resources are also available at

Read the Risk Alert in its entirety here