- The phishing emails targeting brokerage firms purport to be from a legitimate credit union attempting to notify the firms about potential money laundering.
- These phishing emails also come with a number of other fraud red flags.
The Financial Industry Regulatory Authority (FINRA) has issued an information notice to alert brokerage firms on an ongoing phishing attack which currently targets its member firms with phishing emails.
The Financial Industry Regulatory Authority (FINRA) is a non-profit organization authorized by Congress that protects America’s investors by ensuring that the broker-dealer relationship operates smoothly and fairly.
Malicious email campaign
FINRA issued the phishing campaign warning after it received complaints from several brokerage firms stating that they have received suspicious emails targeting their compliance personnel.
“The email appears to be from a legitimate credit union attempting to notify the firm about potential money laundering involving a purported client of the firm,” the information notice read.
The phishing email comes with an attachment containing a malicious document. The email urges the brokerage firms to open the document. Once the attachment is downloaded, the malware gains unauthorized access to the victims’ machine.
Phishing emails purported to be from a BSA-AML compliance officer
Member firms who received such phishing emails reported that the emails purported to be from a BSA-AML compliance officer working at a legitimate Indiana-based credit union.
The member firms further noted that the phishing emails stated that a money transaction made by a firm client to the credit union was put on hold due to a potential money laundering issue.
They further noted that the sender attempted to provide some authenticity to the emails by including a reference to a provision of the USA Patriot Act that relates to the ability of financial institutions to share information with each other.
FINRA noted that these phishing emails also come with a number of other fraud red flags such as,
- The email address appears to be from Europe instead of the U.S.-based credit union.
- Numerous occurrences of poor grammar and sentence structure.
- A request that the recipient opens the email attachment for more details.
- FINRA recommends its member firms to exercise caution while opening or responding to any suspicious emails from unknown senders.
- It requests firms to not open any links or attachments from anonymous senders.
- Additionally, it urges brokerage firms to report the incident at https://www.finra.org or whistleblower[at]finra[dot]org, in case they receive any suspicious emails.