The National Credit Union Administration has posted its 2007 Regulatory Review List, which includes the regulations the Board has scheduled to review this year.

NCUA General Counsel Opinion 06-1135 - Federal Credit Union’s Ability to Provide First-time Homebuyer Education to Non-members Ineligible for Membership This is an opinion of the NCUA Office of General Counsel addressing Federal Credit Union’s Ability to Provide First-time Homebuyers Education to Non-Members Ineligible for Membership

NCUA General Counsel Opinion 06-0817 - Funding Potential Employee Benefit Plan Obligation Under §701.19 - December 15, 2007 This is an opinion of the NCUA Office of the General Counsel addressing Fund Potential Employee Benefit Plan Obligation Under §701.19

National Credit Union Administration (NCUA) Vice Chairman Rodney E. Hood hosted a Risk Mitigation Summit Thursday at the United States Chamber of Commerce. The event was filled to capacity with over 120 guests as leaders from government and industry discussed the latest and most effective techniques for risk mitigation.

Board Member Gigi Hyland today announced that members of the Outreach Task Force have been appointed from among a diverse group of NCUA professionals. The task force will begin its work later this month with an in-person meeting at NCUA headquarters. In addition to staff deliberations, Board Member Hyland will conduct a series of regional “town hall” and other meetings to gather input and ideas from credit unions, credit union leagues, and other interested parties.

Websense® Security Labs™ has received reports of a phishing attack that targets customers of the Co-operative Bank p.l.c. Users receive a spoofed email message, informing them that access to their online account has been restricted due to an access attempt by a blacklisted IP address. The email provides a link to a phishing site that attempts to collect personal and account information.

This phishing site is hosted in United Kingdom and was up at the time of this alert.

Phishing email text:

Dear Customer, Our security systems have recorded an unusual log in attempt into your online banking service. This attempt was made from an unknown and blacklisted IP address, which is noted worldwide for fraudulent online transactions: (x.x.x.x).Consequently, we placed a restriction on your online access. We did this to protect your account from any fraudulent activity.

To restore your online access and remove all the restrictions we placed on your online service please CLICK HERE < LINK REMOVED >. Please ensure that all required information are provided accurately.  Best wishes,

W. R. Tish,
Online Banking Security Advisor,
The Co-operative Bank p.l.c.

All Rights Reserved © 2007
Co-operative Bank p.l.c. Head Office: 1 Balloon Street, Manchester, M60 4EP.

Phishing Screenshot #1:

Phishing Screenshot #2:

Phishing Screenshot #3:

Websense Security Labs has discovered that Brazilian-based malicious code authors are now utilizing a popular web exploit kit which originates in Russia. This combination of the groups working together is relevant because previously we have not seen such collaboration. The Web Attacker toolkit allows attackers to place code on their website to infect users when the site is visited. This toolkit is the most popular exploit kit on the web today.

Previously, Brazilian attacks mostly used deception as a means to dupe users into running their code. These attacks provide the largest volume of unique samples that we see on daily basis.

Of the sample attacks that we received this morning, one is a fake news story about a robbery that claims to have a large reward for the capture of the criminal. Another attack is contained in an email asking you to view some photos.

In both examples, the attackers used email as the lure to attract visitors to their sites. Both sites contained live code that installed and downloaded information stealing malicious code, if the visitor’s PC was not fully patched.

Attack example screenshot 1:

Attack example screenshot 2:

The Community Development Revolving Loan Fund Reports for December 2006 are available

The Community Development Revolving Loan Fund Reports for December 2006 are available

The National Credit Union Administration and the Financial Crimes Enforcement Network announced that they will jointly host a seminar over the web “BSA: A Year in Review Setting the Table for 2007.” The seminar, known as a webinar, will take place on Tuesday, February 6, 2007 and will be co-hosted by JoAnn Johnson, Chairman of the National Union Administration (NCUA), and Jamal El-Hindi, Associate Director of the Regulatory and Programs Division at the Financial Crimes Enforcement Network (FinCEN).