Broker-dealers, investment advisers, and investment companies could be affected by a new phishing campaign. This is similar to the FINRA survey phishing campaign that occurred in October 2020.
The attack is originating from bad actors, purporting to be the Financial Industry Regulatory Authority (FINRA) asking firms to complete a request within the email. These appear to be coming from the domains “gateway1-finra.org” and “finrar-reporting.org.”
Any emails coming from a regulator or vendor asking for sensitive information, including usernames and passwords, or that include unsolicited requests for prompt action, could be malicious phishing attempts.
WHAT DOES THIS MEAN FOR ME?
If you receive a suspicious email, like the above:
- Do not click any links or respond to the email; and
- Promptly report the incident to the appropriate person in your organization.
Always verify the sender of suspicious emails by contacting the sender through a known email address or by calling a trusted phone number, not by using information included in the questionable email. Fairview is available to answer questions about cybersecurity issues and how to secure your network in case of a successful data breach. Reach out to us with any questions.