The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information.
FINRA is a non-profit organization and self-regulatory body authorized by the U.S. government to regulate exchange markets and brokerage firms. According to FINRA, the organization supervises over 624,000 brokers across the country and examines billions of market events each day.
Phishing emails sent from fake FINRA domain name
The financial industry regulator said that the phishing messages are being sent from a fake FINRA domain and made to look like they were being sent by FINRA.
Member firms are asked to fill out a survey by October 13 with the information FINRA would need to "update its conduct and supervisory rules."
"The email was sent from the domain '@regulation-finra.org' and was preceded by 'info' followed by a number, e.g., email@example.com," the regulator said.
"FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident."
Since the regulation-finra.org domain is not connected in any way with FINRA, member firms are urged to immediately delete any and all emails they received from this domain.
"FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links," the notice adds.
Previous phishing alerts
During August, FINRA warned members of attackers using registered brokers' info to create convincing phishing sites.
Another alert issued the same month warned of threat actors using a copycat site hosted at finnra[.]org, with a registration form that collected personal information that could later be used in spear-phishing attacks targeting FINRA members.
The regulator issued another security alert in May warning of a "widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers," including but not limited to Josh Drobnyk and Bill Wollman, two of the non-profit's vice-presidents.
Last year, FINRA also published a notice about fraudulent emails targeting members that invoked a USA Patriot Act provision, relating to the ability of financial organizations to share information, to appear more authentic.
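A mail-filter check for the sender patterns in these alerts, added here as an illustration and not taken from FINRA's notices: it flags From headers whose domain embeds or closely misspells the FINRA name, as regulation-finra.org and finnra[.]org do. The function names, the allow-list of finra.org and its subdomains, and the sample headers are assumptions constructed for the example.

```python
from email.utils import parseaddr

BRAND = "finra"
LEGIT = "finra.org"  # assumption: only finra.org and its subdomains are allow-listed

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'legit', 'lookalike', 'display-name-spoof' or 'other'."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "other"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain == LEGIT or domain.endswith("." + LEGIT):
        return "legit"
    # Brand embedded in a foreign domain, e.g. regulation-finra.org
    if BRAND in domain:
        return "lookalike"
    # One-character misspelling of the brand in any label, e.g. finnra.org
    if any(edit_distance(label, BRAND) <= 1 for label in domain.split(".")):
        return "lookalike"
    # Display name claims FINRA while the address is unrelated
    if BRAND in name.lower():
        return "display-name-spoof"
    return "other"

# Constructed sample From headers (not taken from real messages)
SAMPLES = [
    "FINRA Survey <info5@regulation-finra.org>",
    "registration@finnra.org",
    "FINRA Notices <alerts@finra.org>",
    '"FINRA Compliance" <desk@example.com>',
    "Bob <bob@example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

The From header can itself be forged, so a check like this complements SPF, DKIM and DMARC evaluation rather than replacing it.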