FINRA Warns of Fake Emails
The Financial Industry Regulatory Authority (FINRA) has issued an alert warning of reported phishing attempts using fake FINRA credentials. Per the notice, an ongoing email phishing campaign has been reported, in which the fake FINRA domain name of [email protected] is being used.
The phishing emails request that recipients immediately respond to a regulatory non-compliance issue. The emails then ask recipients to click a link or an attached document.
FINRA reiterates that the domain finra-online.com is not associated with the regulatory authority. It has requested from the internet domain registrar that that domain be suspended. It advises that recipients refrain from clicking any links in the emails, refrain from opening any attachments in the emails, and ideally immediately delete any emails from the fraudulent address.
The FINRA notice follows a similar notice of a phishing campaign using fake National Futures Association (NFA) credentials, alerted to by ACA Aponix® on March 4. The proximity of these notifications indicates the proliferation of phishing attempts that are circulating, and the increased need for vigilance and training in this regard.
ACA Aponix recommends that FINRA-regulated firms, and all firms in general:
- Be on the lookout for emails with from source of [email protected]. Note that the finra-online.com is not associated with FINRA, and indicates a fraudulent phishing campaign.
- Immediately delete all emails from [email protected].
- Alert all staff regarding this phishing campaign.
- Block the finra-online.com domain and URL on the company spam filter.
- Immediately change the password for any user that did fall for the phishing campaign and submitted their login credentials.
- Enable multi-factor authentication (MFA) if not already enabled.
- Remind staff to generally inspect hyperlinks and domain names to verify that they are from a trusted source.
- Enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
How we help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Threat intelligence, phishing testing and monitoring
- Operational resilience and governance
- Risk assessments and regulatory compliance testing services
Download our Aponix Protect™ cybersecurity solution brochure.
If you have any questions, please contact your ACA Aponix consultant or contact us.