FINRA Warns of Fraudulent Survey Emails
The Financial Industry Regulatory Authority (FINRA) has issued an alert regarding the appearance of fake emails purporting to be from the authority requesting that recipients fill out a survey. The fake emails are in fact phishing attempts aimed at getting recipients to divulge credentials or to click on links with potentially harmful content.
The suspicious emails can be identified by the fraudulent sender address, info#@regulation-finra.org, with the # varying from email to email (e.g., info5@regulation-finra.org). The authority stresses that regulation-finra.org is a domain with no connection to FINRA. They have since requested from the internet domain register to suspend services for that domain.
FINRA recommends that individuals who have clicked on links from these emails immediately notify appropriate incident management representatives in their organization. The alert further provides contact information for additional information pertaining to this threat.
ACA Guidance
ACA Aponix recommends brokers and broker-dealers block the domain regulation-finra.org, and be on the lookout for emails or other material with the “from” source of info#@regulation-finra, and, if received, not click on links they contain and not respond to their content request.
In general, users are advised to carefully inspect hyperlinks and domain names to verify that they are from a trusted source. Additionally, firms are advised to enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
How We Help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Phishing testing and cyber awareness
- Threat intelligence
- Cybersecurity and technology risk assessments
- Mock regulatory cyber exams
- Penetration testing and vulnerability assessments
- Policies, procedures, and governance
- Cyber incident response planning
If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.
Related insights
Critical Vulnerabilities in Virtual Environments Using VMware vCenter Server
These vulnerabilities serve as a potential gateway to exploit not only the targeted vCenter instances, but also the broader networks and systems they manage.
- Cybersecurity
Critical WordPress Vulnerability Puts Websites at Risk
A critical security vulnerability was discovered in a WordPress plugin that allows attackers to enter the platform without credentials.
- Cybersecurity
SEC Enforcement Action for Incomplete Cyber Incident Disclosures
The SEC recently charged four companies for insufficient disclosures related to cyber incidents alleging they did not fully communicate the nature and impact of the cyber breach.
- Cybersecurity