US Financial Industry Regulator Warns of Widespread Phishing Campaign

The United States Financial Industry Regulatory Authority (FINRA) issued a cyber alert recently, warning the member organizations of an ongoing, widespread phishing campaign. FINRA is a private industry group that works to regulate exchange markets and brokerage companies. According to the organization, the campaign is still ongoing.

The security alert warns users of phishing emails being sent through the '@broker-finra.org' domain, making them look as if Josh Drobnyk and Bill Wollman sent them. Both of them are FIRNA vice presidents.

FINRA mentioned the phishing emails were included in an attached PDF file with a link sending users to a scamming website. The site in question asks users to enter their Microsoft or SharePoint passwords.

Users Advised to Change Passwords

FINRA recommends that users who entered their passwords should change it right away, notifying their security of the incident, according to Dave Kelley, FINRA's Director of member Supervision Specialist Programs.

Example of a FINRA phishing email, Source: ZDNet

The director also mentioned that some emails coming from the broker-finra.org domain were using a secondary tactic to spread the infection. In some cases, the emails were not included in the attachment, according to Kelley. The threat actors may be attempting to gain the trust of the recipients, so they can get a second email sent that contains an infected attachment or link. Another potential approach may be an attempt to gain confidential company information from inside sources via social engineering.

If the attackers manage to succeed in their efforts, they might gain access to the Microsoft Office accounts of some of the essential brokers on the New York Stock Exchange. That reason alone makes the potential targeted victims a very lucrative operation for the scammers behind the threat. According to FINRA's website, they oversee the day-to-day operations of more than 634,000 registered brokers.