FINRA Warns of Phishing Emails Targeting Members
Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members
The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.
In an alert issued Monday, FINRA notes that the phishing emails bear the names of Bill Wollman or Josh Drobnyk, vice presidents of the organization. The emails appear to originate from a domain called "@broker-finra.org," which is not associated with FINRA.
The messages, which carry the subject line "Action Required: FINRA Broker Notice for [Firm Name]," ask recipients to take immediate action and open a file, which is sometimes a PDF document, according to the alert. The attachments direct the recipient to a website that asks for a username and password for a Microsoft Office or SharePoint account.
"FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident," the alert states.
The phishing campaign is ongoing, FINRA says. But a representative of the organization declined to comment beyond the information released Monday, which did not specify whether any FINRA members had their credentials stolen.
A sample phishing email released by FINRA only asks the recipient to open an attached file that "requires immediate attention."
"In some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information," according to the alert. FINRA did not provide other details about those messages.
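As an added defender-side illustration, not part of FINRA's alert or this article, the following Python script scores constructed sample messages against the indicators the alert describes: a sender domain that contains "finra" but is not the legitimate one, the known spoofed domain "broker-finra.org", the "Action Required: FINRA Broker Notice for" subject pattern, the two impersonated vice presidents' names, and the attachment-less first-contact variant. Treating finra.org as the only legitimate sender domain is an assumption here, and the mailbox names, firm name and attachment contents in the samples are constructed.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed legitimate sender domain (the alert names only the spoofed one).
LEGIT_DOMAINS = {"finra.org"}
# Indicators taken from the FINRA alert as described in the article.
SPOOFED_DOMAIN = "broker-finra.org"
SUBJECT_RE = re.compile(r"^Action Required: FINRA Broker Notice for ", re.I)
IMPERSONATED_NAMES = {"bill wollman", "josh drobnyk"}


def analyze(raw: str) -> dict:
    """Parse one RFC 822 message and return the campaign indicators it matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    display_name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    attachments = [p.get_filename() for p in msg.iter_attachments()]

    findings = []
    # Lookalike domain: mentions the brand but is not the real domain.
    if "finra" in domain and domain not in LEGIT_DOMAINS:
        findings.append("lookalike-domain")
    if domain == SPOOFED_DOMAIN:
        findings.append("known-spoofed-domain")
    if SUBJECT_RE.match(subject):
        findings.append("campaign-subject")
    # Executive's name on a message that did not come from the real domain.
    if display_name.strip().lower() in IMPERSONATED_NAMES and domain not in LEGIT_DOMAINS:
        findings.append("impersonated-executive")
    # The alert notes some emails carry no attachment and may be a rapport-
    # building first contact; only flag this when other indicators already hit.
    if findings and not attachments:
        findings.append("no-attachment-first-contact")

    return {
        "from_domain": domain,
        "subject": str(subject),
        "attachments": attachments,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample: campaign-style message with a PDF attachment.
SAMPLE_PHISH = """From: Bill Wollman <bwollman@broker-finra.org>
To: compliance@example-firm.test
Subject: Action Required: FINRA Broker Notice for Example Firm
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached notice, which requires immediate attention.
--b1
Content-Type: application/pdf; name="notice.pdf"
Content-Disposition: attachment; filename="notice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: same lure, no attachment (the first-contact variant).
SAMPLE_PHISH_NO_ATTACHMENT = """From: Josh Drobnyk <jdrobnyk@broker-finra.org>
To: compliance@example-firm.test
Subject: Action Required: FINRA Broker Notice for Example Firm
Content-Type: text/plain

A notice for your firm requires immediate attention. Please confirm receipt.
"""

# Constructed sample: benign message from the assumed legitimate domain.
SAMPLE_LEGIT = """From: FINRA Notices <notices@finra.org>
To: compliance@example-firm.test
Subject: Weekly compliance digest
Content-Type: text/plain

This week's digest is available on the member portal.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_PHISH_NO_ATTACHMENT, SAMPLE_LEGIT):
        print(analyze(sample))
```

The display-name check matters because the spoofed messages reuse real executives' names; a rule keyed only on the sender address would miss a future campaign that moves to a different lookalike domain, while the name-plus-wrong-domain pairing still fires.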
In March, FINRA released another notice to its members warning about increasing cyberthreats as a result of the COVID-19 pandemic leading to a shift to working at home.
Another recent phishing campaign targeted business executives in an attempt to harvest credentials for their Microsoft Office accounts (see: Phishing Campaigns Target Senior Executives via Office 365).