Connect with us

Hi, what are you looking for?

Cyber Security

US brokers warned of ongoing phishing attacks impersonating FINRA

The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties.

FINRA is a non-profit organization supervised by the Securities and Exchange Commission (SEC) and authorized by the US government to regulate all publicly active securities firms and exchange markets.

This independent, non-governmental securities regulator supervises over 600,000 brokers across the nation and keeps track of billions of market events every day.

Impersonated FINRA domain names used for phishing

In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.

The attackers are using at least three different domains in this campaign (i.e., finrar-reporting[.]org, finpro-finrar[.]org, gateway2-finra[.]org).

“The email asks the recipient to click a link to ‘view request’ and provide information to ‘complete’ that request, noting that ‘late submission may attract penalties’,” the regulatory notice reads.

This tactic is designed to add urgency to the attackers’ demands, with the hope that the victims would answer their request before checking the emails’ legitimacy.

“FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident,” the regulator adds.

Brokerage firms and their employees are urged to verify the legitimacy of all suspicious emails before replying, opening attachments, or clicking on embedded links.

FINRA Sample Phishing Email
Image: FINRA

The domains used in these ongoing phishing attacks were registered on Thursday, August 12, using the services of the Hosting Concepts B.V. and NameCheap registrars.

Before issuing the alert, FINRA asked the Internet domain registrar to suspend services for the malicious domains due to their use in active phishing attacks.

According to the US financial market regulator, none of the domain names used to deliver phishing messages are connected to FINRA.

Organizations receiving phishing emails originating from these domain names are advised to delete them immediately.

“For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices – 2018,” FINRA added.

Similar phishing attack spotted in June

While the financial regulator rarely issues such regulatory notices, it has published three of them this year, all of them informing brokers of phishing attacks targeting their information.

In June, FINRA warned of a very similar campaign also threatening recipients with penalties following failure to submit the requested information in a timely fashion.

Advertisement. Scroll to continue reading.

Another alert, issued in March, alerted US brokers of a phishing campaign using fake compliance audit alerts to harvest brokers’ information.

Last year, brokerage firms were warned of spear-phishing attacks that redirected targets to a fake registration form hosted on the finnra[.]org copycat site.

Source: https://www.bleepingcomputer.com/news/security/us-brokers-warned-of-ongoing-phishing-attacks-impersonating-finra/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the...

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Cyber Security

The Cyber Safety Review Board will assess how a hacking group reportedly linked to China leveraged a vulnerability in Microsoft Exchange Online to access...

Cyber Security

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. The...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO