The Financial Industry Regulatory Authority (FINRA) has issued an alert regarding the appearance of fake emails purporting to be from the authority requesting that recipients fill out a survey. The fake emails are in fact phishing attempts aimed at getting recipients to divulge credentials or to click on links with potentially harmful content.
The suspicious emails can be identified by the fraudulent sender address, firstname.lastname@example.org, with the # varying from email to email (e.g., email@example.com). The authority stresses that regulation-finra.org is a domain with no connection to FINRA. It has since asked the Internet domain registrar to suspend services for that domain.
FINRA recommends that individuals who have clicked on links from these emails immediately notify the appropriate incident management representatives in their organization. The alert also provides contact details for further information about this threat.
ACA Aponix recommends that brokers and broker-dealers block the domain regulation-finra.org and be on the lookout for emails or other material with the “from” source of info#@regulation-finra. If such a message is received, recipients should not click on the links it contains or respond to its content request.
In general, users are advised to carefully inspect hyperlinks and domain names to verify that they are from a trusted source. Additionally, firms are advised to enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
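The sender and hyperlink checks recommended above can be automated at the mail gateway or during mailbox triage. The following is an added example, not code from FINRA or ACA Aponix. It assumes finra.org is the genuine FINRA domain, and the sample messages, the address info5@regulation-finra.org and the link hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

BLOCKED = {"regulation-finra.org"}  # domain named in the alert
TRUSTED = {"finra.org"}             # assumption: the genuine FINRA domain

def under(host, domains):
    """True if host equals, or is a subdomain of, a listed domain.
    Matching on a label boundary keeps regulation-finra.org from passing
    as finra.org, which a plain endswith("finra.org") would allow."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return a list of findings for one RFC 5322 message (plain-text body)."""
    msg = message_from_string(raw)
    findings = []
    for hdr in ("From", "Reply-To", "Return-Path"):
        for name, addr in getaddresses(msg.get_all(hdr, [])):
            domain = addr.rpartition("@")[2]
            if under(domain, BLOCKED):
                findings.append(f"{hdr}: blocked domain {domain}")
            elif "finra" in (name + domain).lower() and not under(domain, TRUSTED):
                findings.append(f"{hdr}: claims FINRA but sent from {domain}")
    body = "" if msg.is_multipart() else msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if under(host, BLOCKED):
            findings.append(f"link: blocked host {host}")
        elif "finra" in host.lower() and not under(host, TRUSTED):
            findings.append(f"link: lookalike host {host}")
    return findings

# Constructed sample messages (not real captured mail).
SAMPLE_PHISH = "\n".join([
    "From: FINRA Survey <info5@regulation-finra.org>",
    "Reply-To: info5@regulation-finra.org",
    "Subject: Survey", "",
    "Please complete the survey: https://survey.regulation-finra.org/start",
    "Mirror: http://finra.org.example.net/survey"])
SAMPLE_LEGIT = "\n".join([
    "From: FINRA <notices@finra.org>", "Subject: Notice", "",
    "See https://www.finra.org/rules-guidance"])

if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH):
        print(finding)
```

The header check covers Reply-To and Return-Path as well as From, since a reply can be redirected to the fraudulent domain even when the visible sender looks benign.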
How We Help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Phishing testing and cyber awareness
- Threat intelligence
- Cybersecurity and technology risk assessments
- Mock regulatory cyber exams
- Penetration testing and vulnerability assessments
- Policies, procedures, and governance
- Cyber incident response planning
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.