Heimdal Security Blog

Brokerage Companies Alerted by FINRA of Ongoing Phishing Campaign

The Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, is notifying US brokerage organizations of a continuing phishing operation impersonating ‘FINRA Support.’

According to our glossary, phishing is:

A malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.

FINRA is a private American corporation that acts as a self-regulatory organization (SRO) that regulates member brokerage firms and exchange markets.

In December 2019, the organization supervised 3,517 brokerage firms, 153,907 branch offices, and approximately 624,674 registered securities representatives.

On Wednesday, the market regulator started alerting brokers that a phishing operation is sending emails that appear to be from ‘FINRA Support’ but are coming from a third-party domain.

The emails ask the victim to be attentive “to the report attached below that requires your immediate response” and say that “[t]he attachment contains FINRA updated Public Policy information.”

According to the regulator, the emails may not include an attachment.

Since the ‘westour.org’ domain is not connected to FINRA, brokerage firms are urged to delete any emails originating from this domain name. All those who clicked on any link or image in the email should immediately notify the appropriate individuals in their firm of the incident.

FINRA reminds organizations to check the legitimacy of any dubious email before replying, opening any attachments, or clicking on any embedded links.

FINRA has requested that the Internet domain registrar suspend services for “westour.org”.

Not The First FINRA Phishing Campaign

Earlier this month, the market regulator notified brokerage organizations of a phishing operation that threatened recipients with penalties unless they provided the information demanded by the threat actors.

The phishing campaign involved fraudulent emails purporting to be from FINRA that used the domain name @gateway-finra.org.
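
Both alerts above come down to the same mail-handling check: flag anything sent from the domains FINRA named, and anything that claims to be FINRA in the display name while coming from a third-party domain. The Python below is an added example, not code from FINRA or from this article; treating finra.org as the regulator's legitimate domain is an assumption, and the sample messages are constructed.

```python
import email
from email.utils import parseaddr

# Domains this article names as used by the two phishing campaigns.
ALERT_DOMAINS = {"westour.org", "gateway-finra.org"}
# Assumption: finra.org is treated as the regulator's legitimate domain.
LEGIT_DOMAIN = "finra.org"

def _in_domain(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def check_message(raw):
    """Return the reasons a raw RFC 5322 message looks like FINRA impersonation."""
    msg = email.message_from_string(raw)
    reasons = []
    for header in ("From", "Reply-To"):
        name, addr = parseaddr(msg.get(header, ""))
        if "@" not in addr:
            continue  # header missing or unparseable
        domain = addr.rpartition("@")[2].lower()
        if any(_in_domain(domain, d) for d in ALERT_DOMAINS):
            reasons.append(f"{header}: domain {domain} is named in a FINRA alert")
        elif "finra" in name.lower() and not _in_domain(domain, LEGIT_DOMAIN):
            reasons.append(f"{header}: display name '{name}' but domain is {domain}")
    return reasons

# Constructed sample messages (not real campaign emails).
SAMPLES = {
    "alert_domain": 'From: "FINRA Support" <support@westour.org>\n'
                    "Subject: Updated Public Policy\n\nSee report.",
    "earlier_campaign": "From: Compliance <notice@gateway-finra.org>\n\nRespond now.",
    "name_mismatch": 'From: "FINRA Support" <help@mail.example.net>\n\nSee report.',
    "reply_to": 'From: "FINRA Support" <support@finra.org>\n'
                "Reply-To: desk@westour.org\n\nSee report.",
    "benign": "From: Jane Broker <jane@example.com>\n\nLunch?",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_message(raw) or "no findings")
```

This only inspects header addresses, which a sender can set freely, so a message that passes it still needs the verification FINRA recommends before anyone replies, opens attachments, or clicks links.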