Cybercriminals use the simple adage of “follow the money”. And where’s one of the largest sources of money? Brokerage firms. All it takes is a little compromised access and the bad guys can pretty much do what they want. What better way to get the attention of users at these firms than by pretending to be FINRA – the regulating body that governs their activity.
According to a new regulatory notice put out by FINRA puts firms on notice that emails have been sent out from the domain “regulation-finra.org” which has since been taken down by the registrar on the request of FINRA themselves.
Potential victims were sent an email asking them to participate in a survey regarding the updating of regulation rules, as shown below.
It’s not clear what threat action comes next (e.g., credential phishing, attempted download of malware, etc.), but it’s enough to get FINRA’s attention.
Brokerage firms are a high value target, so propping up a layered defense that includes Security Awareness Training to keep users on high alert when emails like this make their way to the Inbox is critical to stop these attacks in their tracks.