A new alert issued to financial brokers and dealers warns about widespread scams, in which fake emails supposedly sent by financial regulators could allow computers to be hacked.
The Financial Industry Regulatory Authority (FINRA) issued a Cybersecurity Regulatory Notice on May 4, advising financial firms to be vigilant in screening emails received from the agency, as hackers are attempting to exploit financial firm employees working remotely on unsecure devices during the COVID-19 pandemic.
According to the warning, hackers seek to exploit financial firms with deceptive emails that encourage immediate responses or require users to enter their passwords to gain access to the fake notices.
FINRA has reviewed several reports where financial firms have received emails with the source domain name “@broker-finra.org”, requesting immediate attention to an attachment relating to the firm. The domain name will appear legitimate, but will have slight spelling variations to deceive recipients not diligently reviewing the sender’s email address.
When the attachments or embedded links within the emails are opened the user may be prompted to enter their Microsoft or SharePoint passwords, which could allow a hacker to gain leverage on business, personal and sensitive financial information.
Some reports indicate no attachments or links were included in some of the phishing emails, which are believed to have been sent in an attempt to gain the recipients trust so that continued follow up correspondence with confidential information could be shared.
FINRA warns the emails appear legitimate, and may even contain the names of actual FINRA officers. To date, the agency has identified fraudulent emails purported to be from FINRA officers Bill Wollman and Josh Drobnyk.
The notices strongly encourage anyone who has received an email from the @broker-finra.org source domain, or from any other sender not verified by FINRA, to not open it and have the firm report the event to FINRA, the Securities and Exchange Commission or the Federal Bureau of Investigation.
Those who have launched the embedded links or opened attachments and entered their passwords should change them immediately and notify the appropriate individuals in their firm of the incident.
Among other scams firms are being advised to look out for are fraudulent account openings and money transfers, IT Help Desk scams, and similarly fraudulent emails sent firm-to-firm.
The financial industry is being reminded that during the continued stay-at-home orders and encouraged telework, employees should remain vigilant in verifying the legitimacy of suspicious emails prior to responding to them, opening attachments or clicking on links.
FINRA announced they have assembled a fraud task force to specifically handle these fraudulent events. Additional information and resources on how to prevent and handle scams can be found on FINRA’s Cybersecurity Topic Page.