The Financial Industry Regulatory Authority (FINRA) warned that digital fraudsters are impersonating it in an ongoing phishing email campaign.

In a regulatory notice published on its website, FINRA revealed that malicious actors had sent out fraudulent emails impersonating officers at the regulatory authority, including Bill Wollman and Josh Drobnyk. All of those fraudulent messages originated from the domain “broker-finra[.]org,” and they demanded that the recipient dedicate their “immediate attention” to sending back sensitive firm data.

In other cases, the emails served as a means to establish trust with the recipient so that they would be more inclined to open a follow-up piece of correspondence. Those messages commonly used infected attachments and links to redirect recipients to a phishing website designed to steal their Microsoft Office or SharePoint password.

Attachment A – Sample Phishing Email (Source: FINRA)

FINRA made it clear in its notice that it’s working to shut down the phishing campaign described above:

The domain of “broker-finra[.]org” is not connected to FINRA and firms should delete all emails originating from this domain name. In addition, FINRA has requested that the Internet domain registrar suspend services for “broker-finra[.]org”.

In the meantime, the regulatory authority urged recipients who had clicked on a link/attachment in one of the attack emails and supplied their password to change their login credentials as soon as possible. It also emphasized the importance of users verifying the legitimacy of an email from FINRA before responding to it, opening an attachment or clicking on a link. One of the ways they can do that is to carefully inspect the domain to make sure it’s actually coming from “finra.org” and not some clever lookalike.
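The domain inspection described above can also be automated at the mail gateway or in a triage script. The following is an added example, not code from FINRA or from the original article. The brand-token and edit-distance heuristics and the sample addresses are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

TRUSTED = "finra.org"                  # legitimate domain named in the notice
BRAND = "finra"                        # brand token a lookalike would imitate
DIGIT_SWAPS = str.maketrans("01", "oi")  # assumed digit-for-letter swaps

def _edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    # Only the address part counts; the display name is attacker-controlled.
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].strip().rstrip(".").lower()

def classify(from_header):
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match or a true subdomain; a bare suffix test would accept
    # 'evilfinra.org', so the leading dot is required.
    if domain == TRUSTED or domain.endswith("." + TRUSTED):
        return "trusted"
    for label in domain.split("."):
        for token in re.split(r"[-_]", label):
            norm = token.translate(DIGIT_SWAPS)
            if BRAND in norm or _edit_distance(norm, BRAND) <= 1:
                return "lookalike"   # brand used outside the trusted domain
    return "unrelated"

if __name__ == "__main__":
    samples = [                       # constructed sample From headers
        "Officer <officer@broker-finra.org>",
        "notices@finra.org",
        '"FINRA Compliance" <info@example.com>',
        "alerts@f1nra.org",
    ]
    for header in samples:
        print(f"{classify(header):12} {header}")
```

A "lookalike" verdict is a reason to quarantine and review the message, while "unrelated" only means the domain does not imitate the brand; as the third sample shows, the display name can still claim to be FINRA.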

Organizations can take their anti-phishing defenses a step further by educating their users about the most common...