Attackers can be often seen carrying out effective phishing campaigns using common yet believable email templates from government agencies.

What was found?

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning brokers of an ongoing phishing campaign leveraging fake email templates.

How is it working?

The phishing campaign has been using fake compliance audit alerts from FINRA to harvest information from U.S. brokerage firms and brokers.
  • The attackers are using finra-online[.]com, a recently registered web domain, to send phishing messages.
  • They used the FINRA Membership sender name and the legitimate FINRA website spoofing trick to add legitimacy to the phishing messages.
  • The domain used in these ongoing phishing attacks was registered on March 3, using the NameCheap domain name registrar.

FINRA's recent alerts

In the last few months, FINRA has issued several alerts for phishing campaigns that were using lookalike domains.
  • In December 2020, fraudulent emails with the domain @invest-finra[.]org were targeting U.S. brokers.
  • In October 2020, phishing campaigns were using fake FINRA surveys and @regulation-finra[.]org domain to harvest information from brokerage firms.

Summing up

FINRA had issued several regulatory notices in the last year, with two of them alerting about phishing attacks targeting brokers' information. The regulator has recommended brokers and brokerage firms to remain cautious against such phishing attacks and follow security guidelines to avoid any risks.
Cyware Publisher

Publisher

Cyware