#2130257 - 05/12/17 01:52 PM cyber event SARs for phishing?
J_G Offline
100 Club
Joined: Dec 2010
Posts: 204
Can someone help me understand the types of cyber crime we should be filing SARs on? For example, we always file for fraudulent wire emails and such, but what about phishing emails? The emails that just have a link trying to get the receiver (our employees) to click on it? In these instances we would pretty much only have an IP address, email address, and perhaps the link to the website the link goes to. Would we only include that sort of information on a SAR if we do indeed file on these events? Just want to make sure I understand what should and should not be reported. Thank you.

#2130275 - 05/12/17 03:28 PM Re: cyber event SARs for phishing? J_G
Elwood P. Dowd Offline
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Noting only that none of the three pieces of guidance issued in late 2016 include the word "phishing," my answer would be "No." The alternative would probably generate an unmanageable number of worthless reports. If you want assurance, you need to check with the FinCEN Helpline.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

#2130278 - 05/12/17 03:30 PM Re: cyber event SARs for phishing? J_G
J_G Offline
100 Club
Joined: Dec 2010
Posts: 204
Thanks Ken... I agree that it would result in a ton of worthless SARs. I will check with FinCEN.

#2130388 - 05/12/17 09:38 PM Re: cyber event SARs for phishing? Elwood P. Dowd
RockChucker, CAMS Offline
Diamond Poster
Joined: Jul 2013
Posts: 1,569
The Country
Originally Posted By Ken_Pegasus
The alternative would probably generate an unmanageable number of worthless reports.


Sounds like the product of most government regulations but especially BSA......just sayin.
_________________________
A successful man is one who can lay a firm foundation with the bricks others have thrown at him.
-David Brinkley

#2257341 - 07/28/21 09:29 PM Re: cyber event SARs for phishing? J_G
Ann Offline
Platinum Poster
Joined: Jul 2001
Posts: 550
South Carolina
Reviving an old thread...has anyone had this discussion with FinCEN lately? I spoke to them recently when 23 employees received the same "invoice" email, but they reported the incident and did not open the attachment. FinCEN said since the $ amount of the phishing attempt was unknown, there was no requirement to file.

That being said, what if HR receives an email from a fraudster posing as an employee and asking that direct deposit of payroll be directed to a different account? This was confirmed to be fraudulent by the employee. Is the salary of the employee a consideration of the dollar amount being attempted? I know this is a stretch and we have no information on the suspect. Has anyone encountered this situation?

#2257344 - 07/28/21 11:11 PM Re: cyber event SARs for phishing? J_G
ColoradoAML Offline
100 Club
Joined: Mar 2018
Posts: 233
If this is an employee of the financial institution, I'm sure FinCEN would be interested in this report, and it would clearly be in good faith so no one would criticize you for submitting it. You may not have a name, but you've got some money mule's account number.

If you really don't want to file, I would assume your documentation would include the fact that a single pay period is less than the filing threshold. Also, we've had customers fall victim to redirected payroll scams that weren't discovered for months, so while I think one pay period is a reasonable amount, there is not necessarily a ceiling for the at-risk amount in this case.

In my opinion, the only safe choice is to file, whether you consider it voluntary or not.

#2257360 - 07/29/21 02:24 PM Re: cyber event SARs for phishing? J_G
RockChucker, CAMS Offline
Diamond Poster
Joined: Jul 2013
Posts: 1,569
The Country
I'll take the other side and say FinCEN doesn't really care if your HR received a phishing email. Can you imagine the millions of phishing emails HR reps get around the country? Not only that, but what is FinCEN really going to do with a phishing email report?

That said, for the scenario you presented I would consider the monthly or bi-monthly payroll amount for the employee in question as the amount attempted. I'm sure there are some people in banking that wouldn't notice not getting paid once, but it would be a very small number of people, and to miss two pay periods would be astronomically small.

Document why you are not filing and move on assuming the amount is below the reporting threshold. Defensive filing is for weak BSA programs.
_________________________
A successful man is one who can lay a firm foundation with the bricks others have thrown at him.
-David Brinkley


Moderator:  Andy_Z