TRENDING:

Access Management , Cybercrime , Fraud Management & Cybercrime

FINRA Warns of Phishing Emails Targeting Members

Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members Ishita Chigilli Palli (Ishita_CP) • May 5, 2020    
FINRA Warns of Phishing Emails Targeting Members

The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.

See Also: Rapid Digitization and Risk: A Roundtable Preview

In an alert issued Monday, FINRA notes that the phishing emails bear the names of Bill Wollman or Josh Drobnyk, vice presidents of the organization. The emails appear to originate from a domain called "@broker-finra.org," which is not associated with FINRA.

The messages, which carry the subject line "Action Required: FINRA Broker Notice for [Firm Name]," ask recipients to take immediate action and open a file, which is sometimes a PDF document, according to the alert. The attachments direct the recipient to a website, which asks for a username and password for a Microsoft Office or SharePoint account, according to the alert.

"FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident," the alert states.

The phishing campaign is ongoing, FINRA says. But a representative of the organization declined to comment beyond the information released Monday, which did not specify whether any FINRA members had their credentials stolen.

FINRA oversees about 4,250 brokerage firms and exchange markets and has nearly 625,000 registered members, according to the organization's statistics for 2019. It has about 3,600 employees.

Phishing Emails

A sample phishing email released by FINRA only asks the recipient to open an attached file that "requires immediate attention."

Phishing email impersonating FINRA executive (Source: FINRA)

"In some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information," according to the alert. FINRA did not provide other details about those messages.

In March, FINRA released another notice to its members warning about increasing cyberthreats as a result of the COVID-19 pandemic leading to a shift to working at home.

Another recent phishing campaign targeted business executives in an attempt to harvest credentials for their their Microsoft Office accounts (see: Phishing Campaigns Target Senior Executives via Office 365).

Previous
Google, Apple Reveal More Contact-Tracing Details
Next
2020 Cyber Threats, Trends and Attacks

About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.