
Digital Guardian's Blog

FINRA Warns of Yet Another Phishing Attack Targeting Finance Industry

by Chris Brook on Wednesday December 2, 2020


Emails from an ongoing campaign are not connected to FINRA and should be deleted, the organization warns.

Financial services organizations should be aware of yet another phishing scam targeting the industry.

The issue, like several of late, involves attackers purporting to represent FINRA, the Financial Industry Regulatory Authority.

FINRA, while independent and not connected to the government, helps safeguard securities firms, brokers, and brokerage firms. The regulatory body oversees the trading of equities, bonds, and other options and does have the ability to levy fines and refer instances of fraud and insider trading to the Securities and Exchange Commission.

According to a security notice posted to its site on Monday, the latest scam uses emails sent from the domain @invest-finra.org, which FINRA says it doesn't own; it has asked the registrar in charge of the domain to suspend services for it. Recipients should delete any emails from that domain if they haven't already.

A quick WHOIS check reveals the domain is still technically registered; it was created in early November by someone in or around Paris, France through the registrar gandi.net.

Attacks like these have been a perpetual thorn in FINRA’s side this year.

In October the organization warned about a phishing campaign it spotted that claimed to be spreading a FINRA survey. In reality, the survey wasn't from FINRA and instead came from a fabricated domain, regulation-finra.org.

An attack in May came from emails attached to another fake domain, broker-finra.org. In those emails, the attackers purported to be actual FINRA officers, Bill Wollman and Josh Drobnyk. The scam tried to trick recipients into following a link through an attached PDF file to a website that prompted the user to enter their Microsoft Office or SharePoint password; it's unclear how many employees fell for the scam.

Many of the scams have likely been driven by so many people in the finance industry, like everywhere these days, working from home. Phishers have pounced on the possibility that not everyone is paying close attention to where these emails originate. If only given a passing glance, invest-finra.org can look legitimate enough to click.
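A mail-filter style check for the lookalike pattern described above, as an added example that is not from the original article or from FINRA: it flags sender domains that contain "finra" without being finra.org or one of its subdomains. The legitimate domain finra.org, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAIN = "finra.org"  # assumption: the real FINRA domain (not stated in the article)
BRAND = "finra"

def sender_domain(raw_message):
    """Return the lowercased domain of the From: address, or '' if there is none."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(domain):
    """'legit' for the real domain or a subdomain of it, 'lookalike' when the
    brand string appears anywhere else in the domain, otherwise 'other'."""
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return "legit"
    # Substring match favours recall: it catches hyphenated variants and the
    # brand used as a leading label of an unrelated domain.
    if BRAND in domain:
        return "lookalike"
    return "other"

def triage(raw_messages):
    """Map each raw message to a (sender domain, verdict) pair."""
    return [(d, classify(d)) for d in map(sender_domain, raw_messages)]

# Constructed sample headers. The three *-finra.org domains are the ones named
# in the article; every other address here is made up for the example.
SAMPLES = [
    "From: FINRA Compliance <notice@invest-finra.org>\nSubject: Action required\n\n.",
    "From: survey@regulation-finra.org\nSubject: Survey\n\n.",
    "From: FINRA Officer <officer@broker-finra.org>\nSubject: Review\n\n.",
    "From: alerts@mail.finra.org\nSubject: Notice\n\n.",
    "From: FINRA Notices <notices@finra.org.mail.example>\nSubject: Notice\n\n.",
    "From: newsletter@example.com\nSubject: Weekly digest\n\n.",
]

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLES):
        print(f"{verdict:10} {domain}")
```

The check reads only the From: header, so it complements rather than replaces SPF, DKIM and DMARC evaluation at the gateway.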

It's unclear exactly what the emails in the latest phishing campaign contained, whether there was an attachment or merely bogus guidance. Regardless, FINRA is encouraging anyone who may have clicked on a link or image in the email to contact the appropriate individuals in their firm. Further questions can be directed to FINRA's director and senior principal risk specialist of its Member Supervision Specialist Programs.

Tags: Industry Insights, Financial Services


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.