FINRA Warns of Fake Emails
The Financial Industry Regulatory Authority (FINRA) has issued an alert warning of reported phishing attempts using fake FINRA credentials. Per the notice, an ongoing email phishing campaign has been reported, in which the fake FINRA domain name of supports@finra-online.com is being used.
The phishing emails request that recipients immediately respond to a regulatory non-compliance issue. The emails then ask recipients to click a link or an attached document.
FINRA reiterates that the domain finra-online.com is not associated with the regulatory authority. It has requested from the internet domain registrar that that domain be suspended. It advises that recipients refrain from clicking any links in the emails, refrain from opening any attachments in the emails, and ideally immediately delete any emails from the fraudulent address.
ACA guidance
The FINRA notice follows a similar notice of a phishing campaign using fake National Futures Association (NFA) credentials, alerted to by ACA Aponix® on March 4. The proximity of these notifications indicates the proliferation of phishing attempts that are circulating, and the increased need for vigilance and training in this regard.
ACA Aponix recommends that FINRA-regulated firms, and all firms in general:
- Be on the lookout for emails with from source of supports@finra-online.com. Note that the finra-online.com is not associated with FINRA, and indicates a fraudulent phishing campaign.
- Immediately delete all emails from supports@finra-online.com.
- Alert all staff regarding this phishing campaign.
- Block the finra-online.com domain and URL on the company spam filter.
- Immediately change the password for any user that did fall for the phishing campaign and submitted their login credentials.
- Enable multi-factor authentication (MFA) if not already enabled.
- Remind staff to generally inspect hyperlinks and domain names to verify that they are from a trusted source.
- Enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
How we help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Threat intelligence, phishing testing and monitoring
- Operational resilience and governance
- Risk assessments and regulatory compliance testing services
Download our Aponix Protect™ cybersecurity solution brochure.
If you have any questions, please contact your ACA Aponix consultant or contact us.
Related insights
Two Important Cybersecurity Alerts from CISA
The Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action.
- Cybersecurity
Cybersecurity Benchmarking Survey Lists Top Concerns and Preparedness Among Respondents
Our annual survey in partnership with NSCP reveals that investment firms overlook AI as a cybersecurity risk and remain wary about SEC cybersecurity enforcement and compliance with new rules
- Cybersecurity
- Cybersecurity Resources
- ACA News
NIST Cybersecurity Framework 2.0
The National Institute of Standards and Technology (NIST) released version 2.0 of its landmark cybersecurity framework.
- Cybersecurity
- Cybersecurity Resources