The Financial Industry Regulatory Authority is warning member firms to be aware of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA employees.
In a Cyber Alert, FINRA states that the goal of the threat actor is to trick the recipient into replying and participating in a Microsoft Teams call. Anyone who receives these fraudulent emails should delete them and consider blocking the domains from which they were sent, the authority said.
The campaign, which started in late March, attempts to coerce broker-dealers into replying to an email message claiming to be “a time-sensitive matter relevant to your firm’s regulatory environment.”
Firms are advised to use caution when replying to emails from unknown email domains and never open attachments or click on links from suspicious domains, as they can contain malware or be designed to steal login credentials and other information.
“The campaign includes emails originating from the domains ‘finra[.]org[.]getencryvia[.]com’ and ‘finra[.]org[.]myencryvia[.]com’ (brackets added to prevent accidental clicks) and subject lines containing a member firm’s name,” the cyber alert states. “The message asks the recipient to reply to the message and set up a Microsoft Teams call with the threat actor. The signature block includes the words ‘Member Services,’ along with FINRA’s name and a Washington, D.C., address.”
Legitimate FINRA emails will only be sent from the “finra.org” domain. Member firms should delete such fraudulent emails and consider blocking the fraudulent domains (“finra[.]org[.]getencryvia[.]com” and “finra[.]org[.]myencryvia[.]com”).
FINRA recommended a number of steps firms can take to protect against this phishing campaign:
- alert technology staff to the following indicators of compromise:
  - finra[.]org[.]getencryvia[.]com
  - finra[.]org[.]myencryvia[.]com
- block emails from these fraudulent domains at the network level and instruct users to delete any that reach their inboxes;
- consider blocking the fraudulent domains at your firewall;
- monitor network traffic for activity related to these domains; and
- remain vigilant for variations of this phishing campaign, including changes in:
  - sender names, subdomains and domains;
  - email content and subject lines;
  - file names and attachments; and
  - suspicious hyperlinks (e.g., misspellings or unfamiliar domains) contained within emails.
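The sender-domain checks in the list above can be automated. The following is an added example, not part of the FINRA alert or this article: it classifies a From header against the two published indicators and flags variations, and it shows why a substring match on "finra.org" wrongly accepts the fraudulent domains. The function names, category labels and sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED = "finra.org"  # the only legitimate sending domain named in the alert
# Indicators from the alert, stored defanged and refanged only in memory.
IOCS_DEFANGED = ("finra[.]org[.]getencryvia[.]com", "finra[.]org[.]myencryvia[.]com")
IOCS = {d.replace("[.]", ".") for d in IOCS_DEFANGED}
BRAND = TRUSTED.split(".")[0]  # "finra", used to hunt for variations


def sender_domain(from_header):
    """Lower-cased domain of the address in a From header, or '' if none."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def naive_is_trusted(from_header):
    """Flawed check: a substring match also accepts finra.org.<anything>."""
    return TRUSTED in sender_domain(from_header)


def classify(from_header):
    """Return 'trusted', 'known_ioc', 'lookalike', 'other' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == TRUSTED:  # exact match on the whole domain, never a substring
        return "trusted"
    if any(domain == ioc or domain.endswith("." + ioc) for ioc in IOCS):
        return "known_ioc"
    # Variation of the campaign: the brand shows up in some label, but the
    # domain is not finra.org itself. Route to review rather than delivery.
    if any(BRAND in label for label in domain.split(".")):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample headers; the IoC senders are built from the refanged set.
    samples = [f"FINRA Member Services <notice@{d}>" for d in sorted(IOCS)]
    samples += [
        "FINRA <alerts@finra.org>",
        "Member Services <desk@finra-org.example.net>",
        "Vendor <sales@example.com>",
    ]
    for header in samples:
        print(f"{classify(header):10} naive_trusted={naive_is_trusted(header)!s:5} {header}")
```

Only an exact match on finra.org is treated as trusted here, following the alert's wording; a firm that receives mail from other domains it trusts would add them explicitly rather than loosening the match.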
Firms were reminded to verify the legitimacy of suspicious emails before responding, opening, downloading or previewing any attachments, or clicking on embedded links.
Firms can report phishing campaigns to FINRA by contacting their Risk Monitoring Analyst, submitting a report to the FIFC or filing a regulatory tip.
The attorneys at Hyman Cotter include former senior attorneys at the SEC whose legal experience and industry knowledge make them uniquely qualified to provide counsel on securities regulatory, compliance and enforcement matters. Our attorneys fully understand the regulatory scrutiny financial professionals and their firms face from the various regulators that oversee the financial services industry. If your firm is facing an investigation from a regulatory agency, please contact Hyman Cotter at (833) 665-0784 or through our online contact form.

