An influential financial oversight organization is urging U.S. brokerage firms and securities organizations to be on the lookout for an ongoing email scam that aims to steal usernames and passwords.
The Financial Industry Regulatory Authority, an industry-run organization overseeing brokers and exchange markets, published an alert Monday about an “ongoing” phishing campaign in which attackers are posing as FINRA executives.
The messages typically include the name of the target organization in the subject line, and encourage recipients to download an attachment that requires “immediate attention.” In fact, the attachment may direct a user to a website that prompts them to enter their credentials for Microsoft Office or SharePoint, a corporate collaboration software.
The notice did not cite any specific security incidents that may have inspired the bulletin.
“FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the advisory states.
FINRA also urged employees who may have received the email to change their password immediately. The messages appeared to come from FINRA vice presidents Bill Wollman or Josh Drobnyk, with an apparent source domain of “@broker-finra.org.”
This alert comes more than a month after FINRA also pushed member organizations to “take appropriate measures” to protect customer and firm data amid an uptick in coronavirus-related hacking attempts. The March 26 security bulletin instructed member-organizations to secure their home networks, prepare an incident response plan and, most notably, take additional precautions to fend off phishing, particularly malicious links in emails.
“Be sensitive to the growing variety of scams and attacks that fraudsters are using to exploit the current situation[,]” the advisory said.