Security Tip of the Week – Scammers Use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA).

Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT.” The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you’ve got more questions regarding this letter don’t hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

  • By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.
  • Watch for poor spelling and grammar in supposedly-official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate.”
  • Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.
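
The three checks above, applied to two constructed messages by a small Python triage function. This is an added example, not part of the original post. The urgency word list, the function names and the `.example` sender suffix are assumptions, since the post gives the sender only as supports[at]finra-online.

```python
from email import message_from_string, policy
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"finra.org"}                    # official domain named in the tip
BRAND = "finra"
URGENCY_TERMS = ("attn", "immediately", "urgent")   # assumed word list
MISSPELLINGS = ("hesistate",)                       # the typo quoted in the tip

def sender_domain(msg):
    """Domain part of the From address, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()

def is_official(domain):
    """Exact match or true subdomain; 'notfinra.org' must not pass."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(raw):
    """Return the list of warning signs found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    findings = []
    domain = sender_domain(msg)
    if BRAND in domain and not is_official(domain):
        findings.append("lookalike-sender")
    if any(term in text for term in URGENCY_TERMS):
        findings.append("urgency")
    if any(word in text for word in MISSPELLINGS):
        findings.append("misspelling")
    return findings

# Constructed samples; ".example" is a placeholder suffix, not the real domain.
SAMPLE_PHISH = (
    "From: FINRA Support <supports@finra-online.example>\n"
    "Subject: ATTN: FINRA COMPLIANCE AUDIT\n"
    "\n"
    "Please review the attached document and respond immediately.\n"
    "If you've got more questions regarding this letter don't hesistate to contact us.\n"
)
SAMPLE_OK = (
    "From: Notices <notices@finra.org>\n"
    "Subject: Quarterly newsletter\n"
    "\n"
    "Our quarterly update is available on the website.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(name, triage(raw))
```

A clean result only means none of these three signs matched; it does not show that a message is genuine.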

Stop, Look, and Think. Don’t be fooled.


KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.
