June 25, 2021
On June 24, 2021, the Virginia State Corporation Commission’s Division of Securities and Retail Franchising (the Division) issued an alert to registered investment advisers of an ongoing phishing campaign whereby the attackers claim to be from the Division.
Like most phishing attempts, the email asks the reader to click on a link to view fictitious “IA fee changes.”
These emails resemble other recent attempts by cybercriminals to trick users into clicking on fraudulent emails purporting to be from FINRA and using the domain name “@gateway-finra.org.” Cybercriminals posing as a regulatory authority or other government agencies, like the Social Security Administration, is not a new tactic. However, these can be effective campaigns as the emails are typically written to create a sense of urgency for the reader to click.
The Division and FINRA want to remind advisers to “verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.”
The Division reminds users:
WHAT DOES THIS MEAN FOR ME?
The biggest threat to your network is human error. Training employees to recognize phishing attempts and taking measures to ensure malicious emails never reach end users are two easy ways to secure your network. One wrong click could jeopardize your firm’s data security and reputation.
Because businesses in the financial industry may be more likely to be targeted by phishing, your firm should act now to prevent data compromise. Fairview Cyber can help your firm with essential cyber and data security services like phishing prevention training, network penetration testing, vendor due diligence, and more. Contact us today for more information about our services.