FINRA Warns of Yet Another Phishing Attack Targeting Finance Industry
Emails from an ongoing campaign are not connected to FINRA and should be deleted, the organization warns.
Financial services organizations should be aware of yet another phishing scam targeting the industry.
The issue, like several of late, involve attackers purporting to represent FINRA, the Financial Industry Regulatory Authority.
FINRA, while independent and not connected to the government, helps safeguard securities firms, brokers, and brokerage firms. The regulatory body oversees the trading of equities, bonds, and other options and does have the ability to levy fines and refer instances of fraud and insider trading to the Securities and Exchange Commission.
According to a security notice posted to its site on Monday, the latest scam involving the body has come from emails from the domain @invest-finra.org, a domain FINRA reports it doesn't own and has asked the registrar in charge of it to suspend services for. Recipients should delete any emails from that domain if they haven't yet already.
A quick WHOIS check reveals the domain is still technically registered; it was created in early November by someone in or around Paris, France through the registrar gandi.net.
Attacks like these have been a perpetual thorn in FINRA’s side this year.
In October the organization warned about a phishing campaign it spotted that claimed to be spreading a FINRA survey. In reality, the survey wasn't from FINRA and instead came from a fabricated domain, regulation-finra.org.
An attack in May came from emails attached to another fake domain, broker-finra.org. In those emails, the attackers purported to be actual FINRA officers, Bill Wollman and Josh Drobnyk. The scam tried to trick recipients into following a link through an attached PDF file to a website that prompted the user to enter their Microsoft Office or SharePoint password; it's unclear how many employees fell for the scam.
Many of the scams have likely been driven by having so many in finance industry, like everywhere these days, working from home. Phishers have pounced on the possibility that not everyone may be paying close attention to where these emails are originating. If only given a passing glance, invest-finra.org can look legitimate enough to click.
It's unclear what exactly emails from the latest phishing campaign entailed, if there was an attachment or merely bogus guidance. Regardless, FINRA is encouraging anyone who may have clicked on a link or image in the email to contact the appropriate individuals in their firm. Further questions can be directed towards FINRA's director and senior principal risk specialist of its Member Supervision Specialist Programs.