FINRA Yet Again Becomes the Impersonated Brand at the Center of Phishing Attacks on Brokerage Firms

Stu Sjouwerman | Oct 14, 2020

A lookalike domain, phishing emails, a dash of social engineering, and a survey are the recipe for a simple yet effective campaign targeting the financial sector.

Cybercriminals live by the simple adage “follow the money”, and brokerage firms are one of the largest sources of it. All it takes is a little compromised access and the bad guys can pretty much do what they want. What better way to get the attention of users at these firms than by pretending to be FINRA, the self-regulatory organization that oversees their activity?

A new regulatory notice from FINRA puts member firms on notice that phishing emails have been sent from the domain “regulation-finra.org”, a lookalike that borrows FINRA's name without being FINRA's domain. The domain has since been taken down by the registrar at FINRA's request.

Potential victims were sent an email asking them to participate in a survey regarding the updating of regulation rules, as shown below.

[Image: FINRA sample phishing email]

It’s not clear what comes next (credential phishing, an attempted malware download, or something else), but it was enough to get FINRA’s attention.
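The one concrete indicator the notice gives us is the domain itself: it embeds the FINRA brand name but is not FINRA's own domain. The following is an added example, not code from the original post or from FINRA, showing a mail-gateway style check that flags sender domains which carry a protected brand token without being the brand's real domain. It assumes finra.org is the only legitimate FINRA domain, and the From: headers it runs over are constructed for illustration (only regulation-finra.org comes from FINRA's notice).

```python
"""Flag sender domains that embed a protected brand token but are not the
brand's real domain, the pattern behind "regulation-finra.org".

Added example, not part of the original post. Assumes finra.org is the only
legitimate FINRA domain; the sample headers below are constructed."""

from email.utils import parseaddr

# Brand tokens and the registrable domains allowed to carry them.
# Assumption: finra.org is treated as FINRA's sole legitimate domain.
PROTECTED = {
    "finra": {"finra.org"},
}

# Constructed sample From: headers. Only regulation-finra.org is taken from
# FINRA's notice; the rest are made up to exercise the checks.
SAMPLE_FROM_HEADERS = [
    "FINRA Regulation <notices@regulation-finra.org>",
    "FINRA <member-services@finra.org>",
    "FINRA Alerts <alerts@gateway.finra.org>",
    "Survey Team <survey@finra-compliance-review.com>",
    "Compliance <compliance@f1nra.org>",  # digit-for-letter substitution
    "Bob <bob@example.com>",
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname. Simplification: ignores
    multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain part of a From: header's address."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def normalize_homoglyphs(s: str) -> str:
    """Map common digit/letter look-alikes so 'f1nra' compares as 'finra'."""
    table = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                           "5": "s", "7": "t"})
    return s.translate(table)


def classify_domain(domain: str) -> str:
    """'legit' if the domain is (a subdomain of) an allowed brand domain,
    'lookalike' if it merely embeds the brand token, else 'unrelated'."""
    reg = registrable_domain(domain)
    for token, allowed in PROTECTED.items():
        if reg in allowed:
            return "legit"
        if token in normalize_homoglyphs(domain):
            return "lookalike"
    return "unrelated"


def flag_lookalikes(headers):
    """Return (domain, verdict) pairs for a list of From: headers."""
    return [(sender_domain(h), classify_domain(sender_domain(h)))
            for h in headers]


if __name__ == "__main__":
    for domain, verdict in flag_lookalikes(SAMPLE_FROM_HEADERS):
        print(f"{verdict:10} {domain}")
```

The check deliberately treats a subdomain of the allowed domain (gateway.finra.org) as legitimate while flagging anything whose registrable domain is different, which is exactly the distinction that defeats regulation-finra.org and finra-compliance-review.com. The homoglyph map is a small illustrative set, not a complete confusables table.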

This isn’t the first time FINRA has been impersonated; I’ve discussed both phishing scams and even domain impersonation attacks targeting member firms.

Brokerage firms are a high-value target, so building a layered defense that includes Security Awareness Training, to keep users on high alert when emails like this reach the Inbox, is critical to stopping these attacks in their tracks. Technical controls that flag senders whose domain merely contains the brand name, as regulation-finra.org does, belong in the same stack.
