The USA PATRIOT Act, Section 314(b) permits financial institutions (after certain notice provided to the U.S. Department of Treasury), to share information with one another in order to identify and report to the federal government activities that may involve money laundering or terrorist activities.

Recently, several credit unions received fictitious “phishing” emails purported to be from another credit union, threatening to report the receiving credit union “for money laundering, under 314(b) of the USA Patriot Act.” Additionally, there was an attachment that – if opened – could cause harm to credit union data. Some of the “red flags” contained in the email were:

  • The email address does not reflect a credit union name they state that they are from – the domain name can contain a series of strange letters or a generic domain name.
  • Second, the sender name and the name in the email address do not match.
  • Third, there are several typos and misspellings in the email, including a “suspicions transfer.”

Credit unions should visit the Information Sharing topic under the Bank Secrecy Act channel within InfoSight for more information. Read the full InfoSight newsletter here.