FINRA: Phishing Emails Targeting Financial Companies
On Monday, May 4th, FINRA (Financial Industry Regulatory Authority) issued a warning to financial companies stating that a new email phishing campaign was doing the rounds. According to the regulator, the campaign is ongoing, widespread, and made to look as though the emails come from FINRA itself. Administrators at financial organizations already have enough to deal with, complying with a large array of requirements (the NYDFS Cybersecurity Regulation, GLBA and SOX being a few of them), as well as juggling the complications that COVID-19 has now brought to the table, such as making remote working a secure and viable option. An email phishing campaign serious enough to elicit a warning from FINRA is the last thing they needed.
Beware the Subject Line
These emails claim to be sent from FINRA itself, a self-regulatory organization that, together with the SEC (Securities and Exchange Commission), regulates the financial industry in the United States. The subject line of the phishing emails reads “Action Required: FINRA Broker Notice for Firm Name”. Always be wary of the contents of an email subject line: cybercriminals word these very carefully to slide the email past spam filters and land directly in the inbox.
FINRA has actively encouraged its members to reset their credentials immediately wherever they may have been duped into divulging them. The emails are particularly deceptive because they come from a domain that appears to belong to FINRA (broker-finra.org). FINRA has since contacted the domain registrar, which in turn has suspended the site’s services. That domain now points to BrokerCheck, a website that FINRA owns and operates.
The emails themselves also appear to have come from executives such as Bill Wollman (Executive Vice President of FINRA) and Josh Drobnyk (Senior Vice President). According to FINRA’s alert, some emails also carry an attachment in the form of a legitimate-looking PDF asking recipients to enter SharePoint or Microsoft Office passwords.
A part of the FINRA warning reads:
“FINRA reminds firms to verify the legitimacy of any suspicious email before responding to it, opening any attachments or clicking on any embedded links,”
They also add that organizations should make themselves aware of some of the ‘hallmarks’ of phishing attempts, citing a 2018 cybersecurity report that FINRA had previously published. The authority says that the current phishing email looks like the following sample:
Sample Phishing Email
Subject: Action Required: FINRA Broker Notice for [Firm Name].
I hope you are well and keeping safe.
I have been asked to send the attached document for [Firm Name] to you. They require immediate attention.
This is important and needs to be attended to before the end of this week.
Please let me know if you have any questions.
Vice President, Head of Office of Financial and Operational Risk Policy
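As an added illustration (not from the FINRA alert or this post), here is a small Python triage check a mail administrator could run over incoming messages to flag the hallmarks the alert describes: a sender domain that contains "finra" but is not FINRA's own, the campaign subject line, a PDF attachment, and urgency or credential-request wording in the body. The allow-list of legitimate domains and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the defender treats as genuine FINRA mail; an assumption for this example.
LEGITIMATE_DOMAINS = {"finra.org"}
SUBJECT_PATTERN = re.compile(r"action required:\s*finra broker notice", re.I)
URGENCY_PATTERN = re.compile(r"immediate attention|before the end of this week", re.I)
CREDENTIAL_PATTERN = re.compile(r"\b(sharepoint|office)\b.*\bpassword", re.I)

def score_message(raw: str) -> list:
    """Return the campaign hallmarks found in one RFC 5322 message (empty list if none)."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # A domain that merely contains "finra" (e.g. broker-finra.org) is not FINRA's own domain.
    if "finra" in domain and domain not in LEGITIMATE_DOMAINS:
        findings.append(f"lookalike sender domain: {domain}")
    if SUBJECT_PATTERN.search(msg.get("Subject", "")):
        findings.append("subject matches campaign template")
    body_parts = []
    for part in msg.walk():  # the multipart container first, then each MIME part
        if part.get_content_type() == "application/pdf":
            findings.append(f"pdf attachment: {part.get_filename() or 'unnamed'}")
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_payload(decode=True).decode(errors="replace"))
    body = "\n".join(body_parts)
    if URGENCY_PATTERN.search(body):
        findings.append("urgency language")
    if CREDENTIAL_PATTERN.search(body):
        findings.append("asks for SharePoint/Office password")
    return findings

# Constructed sample modelled on the template in the advisory; not a real captured message.
SAMPLE_PHISH = """\
From: Bill Wollman <bwollman@broker-finra.org>
Subject: Action Required: FINRA Broker Notice for Example Firm
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

I have been asked to send the attached document for Example Firm to you.
They require immediate attention. Enter your SharePoint password to view.
--b1
Content-Type: application/pdf; name="notice.pdf"

--b1--
"""
```

Calling `score_message(SAMPLE_PHISH)` returns all five hallmarks, while a plain notice from finra.org returns an empty list; a mail gateway would quarantine or tag on any hit against the sender-domain check.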
The SEC (Securities and Exchange Commission) is an agency of the United States government, mandated under the 1993 Securities Act and the 1934 Securities Exchange Act, whereas FINRA’s rules apply only to its members. These rules govern how transactions, sanctions, investigations, and supervisory duties are handled.
Aside from a very brief message in March, related to COVID-19 phishing scams, this is the first warning that FINRA has issued regarding email phishing scams since February of 2019. So, while the warning is not exactly unprecedented, it is something of a rarity.
Phishing scams are not likely going to go away anytime soon but taking precautions is going to help save you from some potentially damaging errors. For a really good night’s sleep however, you may need the email security services of the professionals.
Pandemic-Related Business Continuity Planning
Due to the recent outbreak of coronavirus disease (COVID-19), FINRA reminds member firms to consider pandemic-related business continuity planning, including whether their business continuity plans (BCPs) are sufficiently flexible to address a wide range of possible effects in the event of a pandemic in the United States. Each member firm is also encouraged to review its BCP to consider pandemic preparedness and to review its emergency contacts to ensure that FINRA has a reliable means of contacting the firm. This Notice also provides pandemic-related guidance and regulatory relief to member firms from some requirements. As coronavirus-related risks decrease, member firms should expect to return to meet any regulatory obligations for which relief has been provided.
Spambrella offers continuous SMTP deferral, failover and queue protection: instant and automatic email spooling and failover activation, with email metadata preserved during an outage and no administrator intervention required (email continuity services).