Security News

Phishing Campaign Strikes US Financial Industry Regulator

The Financial Industry Regulatory Authority (FINRA) is warning its members, comprising more than 634,000 brokers, of a "widespread, ongoing" phishing campaign.

The campaign revolves around emails with a '@broker-finra.org' source domain name purporting to be from two high ranking FINRA officials: Bill Wollman, Vice President, Head of Office of Financial and Operational Risk Policy, and Josh Drobnyk, Senior Vice President, Corporate Communications.

The emails request the recipient's immediate attention to an attachment relating to their firm. In some cases, there is no attachment, a ploy meant to look like a simple mistake in order to gain the reader's trust. A follow-up email is then sent with an affected attachment or link, or a request for information.

Other emails include a PDF file that takes users to a website prompting them to enter their Microsoft Office or SharePoint password.

"The domain of broker-finra.org is not connected to FINRA and firms should delete all emails originating from this domain name," said FINRA's Director of Member Supervision Specialist Programs, Dave Kelley, adding that anyone who entered their password should change it immediately and notify the appropriate individuals in their firm of the incident.

FINRA has also requested that the Internet domain registrar suspend services for broker-finra.org.

For more information, FINRA suggests that its members review the resources provided on the organization's Cybersecurity Topic Page, including the Phishing section of its Report on Cybersecurity Practices (2018).

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: