The Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice in response to an increase in customer account takeovers (ATOs). During these ATOs, criminals compromise account information, gain unlawful entry into customer online brokerage accounts, make fraudulent transactions, siphon out funds, and commit other crimes. Similarly, criminals have increasingly been using simulated identities to open online accounts, and steal funds and data. FINRA’s regulatory notice summarizes the observations of 20 firms of various business models and sizes on the subject.

Why the rise in ATOs? 

The FINRA notice attributes the recent rise in ATOs to several factors that all increase the risk of online fraud:

  • More firms offering online accounts
  • More investors conducting transactions online
  • Proliferation of mobile devices and apps, enabling additional access (and attack vectors) for online accounts
  • Reduced accessibility of physical offices due to the COVID-19 pandemic, making it harder to verify identity
  • More stolen login credentials being shared on the dark web
  • Increased sophistication and availability of ATO tools that mimic mobile devices in an automated fashion

How BW Cyber Services Can Help

While these criminals (and others) are all focused myopically to monetize unauthorized access to your data, there are some relatively simple procedures you can take to help secure your environment and lower your risk of a successful attack. BW Cyber Services works with dozens of clients in the financial services industry, and we can develop a comprehensive cybersecurity compliance program for you to prevent and respond to these types of attacks. We offer cyber training customized to your business environment, simulated phishing campaigns to increase security awareness, and dark web monitoring to notify users and take action when credentials have been compromised.

For more information on our services or other mitigation techniques, such as multi-factor authentication, file protection, and geo-location blocking, please contact BW Cyber Services at or (646) 779-8976.