FINRA Warns of Phishing Attacks

Stu Sjouwerman | Mar 11, 2021

The Financial Industry Regulatory Authority (FINRA) has warned of a phishing campaign that’s trying to trick users into responding to a phony regulatory non-compliance issue. The emails contain malicious links or documents.

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from ‘FINRA Membership’ and using the email address ‘supports@finra-online[.]com,’” FINRA says. “The email asks the recipient to respond to an issue of ‘regulatory non-compliance for which your immediate response is required’ and then asks the recipient to click on a link or document. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

The documents against which FINRA is warning will presumably deliver malware and the links will lead to a malicious website. The phishing emails read, “Good day, Please find the following attached report from FINRA on regulatory non-compliance for which your immediate response is required. As part of a disclosure review process, we require this background report be completed. Review the enclosed document in respect to our compliance policy. If you've got more questions regarding this letter don't hesitate [sic] to contact us. Regards, Team FINRA.”

This type of issue would catch the attention of many employees, and FINRA recommends that users be vigilant when dealing with emails that seem urgent. (On the plus side, note that the social engineers show that loose idiomatic control that’s helped so many potential victims spit the hook before they’re landed. Spelling and grammar count in life as much as in high school.)

“The domain of ‘finra-online[.]com’ is not connected to FINRA and firms should delete all emails originating from this domain name,” the alert states. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrar suspend services for ‘finra-online[.]com.’”

New-school security awareness training can teach your employees to be wary of unsolicited emails so they can avoid falling for phishing attacks.

FINRA has the story.
