FINRA Alerts US Brokerage Companies of a Phishing Operation in Progress with Penalty Threats
Hackers Send Bogus Emails Asking for Additional Details from Recipients to Confirm Their Company Name.
Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, has notified brokerage organizations of a phishing operation menacing receivers with punishments unless they provide the information demanded by the threat actors.
FINRA is a private American corporation that acts as a self-regulatory organization (SRO) that regulates member brokerage firms and exchange markets. In December 2019, the organization supervised 3,517 brokerage firms, 153,907 branch offices, and approximately 624,674 registered securities representatives.
In a regulatory announcement published at the beginning of the week, the organization stated:
FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name @gateway-finra.org.
FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.
Cybercriminals send bogus email messages asking for additional details from recipients to confirm their company name.
The victims are also threatened with penalties if they fail to submit the requested information on time, a strategy created to force them into doing it faster, hoping that recipients would reply before verifying the emails’ validity.
The gateway-finra[.]org domain employed in these phishing attacks that are in progress was registered on June 7 using the Hosting Concepts B.V. domain registrar.
The Internet domain registrar was asked by the market regulator to interrupt services for the domain because of its continuing use in operational phishing attacks before issuing the warning. Nevertheless, the domain is still accessible, redirecting to the official FINRA website.
Since the domain is not linked to the market regulator, member brokerage organizations are urged to remove any messages received from this domain as quickly as possible.
While the non-profit organization seldom publishes such regulatory announcements, it has issued a few in 2020, with two of them warning of phishing campaigns targeting brokers’ information.
The latest of them, issued in March, notified U.S. brokers of a phishing operation in progress utilizing false compliance audit notifications to steal private data.
Another one, issued in December 2020, alerted brokers of similar phishing attacks using another domain (invest-finra[.]org) impersonating a valid FINRA website.
FINRA reminds organizations to check the legitimacy of any dubious email before responding to it, opening any attachments, or clicking on any embedded links.