Financial Services Beware: Fake FINRA Site!

FINRA is warning members again. This time it's about an incredibly real-looking (but fake) FINRA website.

The Financial Industry Regulatory Authority (FINRA) warned members about a perfect look-alike site.

The hacker group appears to be using finnra.org (notice the extra "n") to capture sensitive information and passwords from users.

The legit FINRA site.
The hackers' knockoff site. Aside from the domain, it's a perfect replica!
The fake site includes a registration form that could collect sensitive information for use in targeted phishing attacks against FINRA members.

This is far from the first attack focused on financial services and brokerage firms. In recent months, both the SEC and FINRA have sent out warnings. The SEC's Risk Alert warned of ransomware attacks on registrants, and FINRA's recent Regulatory Notice warned of cybercriminals posing as FINRA officers.

Why the increased focus?

Because attacks are increasing! And quickly. Ransom demands are skyrocketing - try $10 million! And attackers are selling stolen data on the Dark Web. This exposes victim firms to new liabilities and reputational damage, not to mention harm to clients and partners.

Ingenuity follows profits. The financial services industry knows this well. All of these devious moves point back to smart criminals who are making huge money through these hacks. Hacker groups are even openly recruiting bright minds to join them.

The good news is that these hackers can be stopped!

While the body of the fake site looks exactly the same as the real finra.org, the critical indicator is in the URL at the top. Your employees have to be on guard for these kinds of phony "typo-squatting" sites. This is best done with continuous training and testing in Security Awareness best practices.
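The same URL check can be automated at a mail gateway or web proxy alongside training. The following Python code is an added example, not from the article or from INFIMA: it flags hostnames that sit within a small edit distance of a protected domain, and it goes slightly beyond the finnra.org case by also catching a protected name embedded in a longer hostname. The `PROTECTED` list, the distance threshold and all sample URLs other than the two domains named above are assumptions.

```python
from urllib.parse import urlsplit

# finra.org is the legitimate domain named in the article; extend as needed.
PROTECTED = {"finra.org"}

def registrable(host):
    # Assumption: the last two labels form the registrable domain. Use a
    # Public Suffix List library for suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def osa_distance(a, b):
    # Optimal string alignment distance: insertions, deletions, substitutions
    # and adjacent transpositions each cost 1.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, max_distance=2):
    # Returns (verdict, protected domain the host resembles or None).
    host = urlsplit(url).hostname or urlsplit("//" + url).hostname or ""
    domain = registrable(host)
    if domain in PROTECTED:
        return ("trusted", domain)
    for good in sorted(PROTECTED):
        # Near-miss spelling, or the real name buried inside another host.
        if osa_distance(domain, good) <= max_distance or good in host:
            return ("lookalike", good)
    return ("unrelated", None)

# Constructed sample URLs; only finra.org and finnra.org come from the article.
SAMPLES = [
    "https://www.finra.org/rules-guidance",
    "http://finnra.org/register",
    "https://firna.org/",
    "https://finra.org.login.example/signin",
    "https://example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url)[0]:10} {url}")
```

Anything classified as a lookalike is a candidate for blocking or analyst review rather than proof of malice, since short legitimate domains can also fall within the threshold.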

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

Original article: https://www.bleepingcomputer.com/news/security/us-stock-broker-regulator-finra-warns-of-copycat-phishing-site/

Joel Cahill

Cyber security enthusiast. Entrepreneur.