US FINRA warns US brokerage firms and brokers of ongoing phishing attacks

US FINRA warns US brokerage firms and brokers of ongoing phishing attacks

The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info.

The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing sensitive information.

The regulator reported that threat actors behind the campaign are using multiple domains (i.e., finrar-reporting[.]org, finpro-finrar[.]org, gateway2-finra[.]org) impersonating the legitimate websites

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from FINRA” reads the alert published by the authority. “and using one of at least three imposter FINRA domain names:

  • “@finrar-reporting.org”
  • “@Finpro-finrar.org”
  • “@gateway2-finra.org”

The email asks the recipient to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.”

The above domains were registered recently, on August 12, through Hosting Concepts B.V. and NameCheap registrars.

Recipients that have clicked on any link or image included in the messages are recommended to immediately notify the appropriate individuals in their organizations.

FINRA recommends brokerage firms and brokers to verify the legitimacy of any suspicious email prior to opening any attachments or clicking on embedded links.

The regulator already requested to the relevant Internet domain registrars to suspend the domain names employed in the attacks.

“For more information, firms should review the resources provided on US Financial Industry Regulatory Authority’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices – 2018,” the authority adds.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini AuthorPierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X