
Cyber Criminals Posing as FINRA Officers

Cyber criminals are impersonating real FINRA officers to launch phishing attacks.

Attackers continue honing their skills of deception. This time, they're impersonating real officers at the Financial Industry Regulatory Authority (FINRA). This is relevant for a huge portion of the financial industry.

FINRA warns member firms of a widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers.
-Regulatory Notice 20-12

They've used the names of real employees (Bill Wollman and Josh Drobnyk), but they can easily change those. The attackers will simply search LinkedIn to find more FINRA officer names to use!

The domain of “broker-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
-Regulatory Notice 20-12

Unfortunately, it's just as easy for the criminals to spin up another lookalike domain.
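Because blocking the single domain named in the notice does not cover the next lookalike, a mail filter can flag any sender domain that borrows the FINRA name without belonging to finra.org. The sketch below is an added example, not code from FINRA or INFIMA; the function names, the one-character typo threshold and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

LEGIT_DOMAIN = "finra.org"  # FINRA's real domain, as used in the notice URL
BRAND = "finra"

def sender_domain(from_header):
    """Return the lowercase domain of a From: header, or '' if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header):
    """Classify a From: header as 'legitimate', 'lookalike' or 'unrelated'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated"
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    for label in domain.split("."):
        # Brand embedded in a label: broker-finra.org, finra.org.example.net
        if BRAND in label:
            return "lookalike"
        # One-character misspelling of the brand (assumed threshold): fimra.org
        if edit_distance(label, BRAND) <= 1:
            return "lookalike"
    return "unrelated"

# Constructed sample headers; only broker-finra.org comes from the notice.
SAMPLES = [
    "FINRA Officer <officer@broker-finra.org>",
    "notices@finra.org",
    "alerts@finra.org.example.net",
    "info@fimra.org",
    "newsletter@example.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):<11} {header}")
```

A "legitimate" result only means the domain string matches finra.org; the From: header itself can be forged, so pair this check with the message's SPF, DKIM and DMARC results.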

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.
-Regulatory Notice 20-12

FINRA is absolutely right! Every employee has to be on alert for attacks like these.

What are the criminals seeking?
It appears these criminals are primarily harvesting login credentials for later use in any number of attacks. Specifically, they have targeted Microsoft Office and SharePoint logins. If you think you might have received this phishing email, you should change your password immediately to maintain security.

If you're a FINRA-regulated firm, it's time to implement Fully Automated Security Awareness Training to protect your team.

Don't forget about SEC, NYS DFS and FDIC
This also goes for anyone regulated under the New York State Division of Financial Services (NYS DFS) requirements on cyber security. Cyber Security Awareness Training is called out as an imperative. See their latest guidance here.
You can also see recent SEC updates here.
The FDIC put out cyber warnings here.


See FINRA Regulatory Notice 20-12 here.
[https://www.finra.org/rules-guidance/notices/20-12]
See FINRA guidance on Security Awareness Training here.
[https://www.finra.org/sites/default/files/Cybersecurity_Report_2018.pdf]

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.