The Office of Compliance Inspections and Examinations of the U.S. Securities and Exchange Commission (OCIE) was recently made aware of a phishing attempt which could affect broker-dealers, investment advisers, and investment companies.
The attack came from bad actors, purporting to be the Financial Industry Regulatory Authority (FINRA) asking firms to complete a survey. These emails have come from the domain “regulation-finra.org” and are preceded by “info” plus a number, like “email@example.com.”
Any emails coming from a regulator or vendor asking for sensitive information, including usernames and passwords, or make unsolicited requests for action, like taking a survey, could be malicious phishing attempts.
WHAT DOES THIS MEAN FOR ME?
If you receive a suspicious email, like the above:
- Do not click any links or respond to the email and
- Promptly report the incident to the appropriate person in your organization.
Always verify the sender of suspicious emails by contacting the sender through a known email address or by calling a trusted phone number, not by using information included in the questionable email. Fairview is available to answer questions about cybersecurity issues and how to secure your network in case of a successful data breach. Reach out to us with any questions.