FINRA Warns of Fraudulent Survey Emails
The Financial Industry Regulatory Authority (FINRA) has issued an alert regarding the appearance of fake emails purporting to be from the authority requesting that recipients fill out a survey. The fake emails are in fact phishing attempts aimed at getting recipients to divulge credentials or to click on links with potentially harmful content.
The suspicious emails can be identified by the fraudulent sender address, info#@regulation-finra.org, with the # varying from email to email (e.g., info5@regulation-finra.org). The authority stresses that regulation-finra.org is a domain with no connection to FINRA. They have since requested from the internet domain register to suspend services for that domain.
FINRA recommends that individuals who have clicked on links from these emails immediately notify appropriate incident management representatives in their organization. The alert further provides contact information for additional information pertaining to this threat.
ACA Guidance
ACA Aponix recommends brokers and broker-dealers block the domain regulation-finra.org, and be on the lookout for emails or other material with the “from” source of info#@regulation-finra, and, if received, not click on links they contain and not respond to their content request.
In general, users are advised to carefully inspect hyperlinks and domain names to verify that they are from a trusted source. Additionally, firms are advised to enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
How We Help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Phishing testing and cyber awareness
- Threat intelligence
- Cybersecurity and technology risk assessments
- Mock regulatory cyber exams
- Penetration testing and vulnerability assessments
- Policies, procedures, and governance
- Cyber incident response planning
If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.
Related insights
Highlights From the 2024 ACA Conference
As the curtains close on the ACA Conference 2024, the echoes of transformative dialogue and insightful revelations resonate, shaping the trajectory of GRC in financial services.
- Compliance
- RegTech
- Cybersecurity
- ESG
- Performance
- Managed Services
- SEC
Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways
A popular firewall used in the financial industry is under attack due to a critital zero-day vulnerability. Firms that use Palo Alto Networks' firewall need to update their software to protect their systems.
- Cybersecurity
Two Important Cybersecurity Alerts from CISA
The Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action.
- Cybersecurity