BW Cyber wants you to be aware of an ongoing phishing campaign targeting FINRA registrants that was recently circulated from a fake FINRA email account.
The email said:
Dear Name,
Please find the attached Deficiency letter. This notice is from the FINRA risk analysis department following a directive from SEC. As instructed in the letter, I will keep this request open until Wednesday 04/27/22.
Please note that you are required to submit a response to this request by replying to this email.
Name
Principal Risk Monitoring Analyst
FINRA
FINRA countered the attack by advising the affected firms to verify all email addresses before replying, opening any attachments, or clicking any links. They have also requested the suspension of the fraudulent email address, which was “claims-finra.org”.
Similar attacks have occurred in the past in which the cybercriminals posted as the registrant investors themselves. Phishing campaigns such as this one are exceptionally easy to execute by simply mimicking the victim organization’s email domain and accessing their client / contact lists. As a result of the rise in attacks of this nature, BW Cyber recommends performing a simulated phishing attack – this fills the gap of human error and keeps your company ahead of the threat.
- BW’s Training and Phishing – https://www.bwcyberservices.com/services/training-phishing/
- BW’s Incident Response and Forensics – https://www.bwcyberservices.com/services/incident-response-forensics/
For more information on how BW Cyber, LLC can assist you, please contact us at info@bwcyberservices.com.
