Phishing scam targets advisors with fraudulent FINRA emails

FINRA headquarters

Hackers claiming to be FINRA officers are targeting brokers with a new email phishing scam.

Using the subject header “Action Required: FINRA Broker Notice for [firm name],” the fraudulent emails appear to be written by either Bill Wollman, head of FINRA’s office of financial and operational risk policy, or Josh Drobnyk, FINRA senior vice president of corporate communications. The fraudsters say they require a firm’s immediate attention, and even include an email signature to make the message look authentic.

On closer inspection, however, the emails come from the domain “broker-finra.org,” which is not associated with FINRA. The regulator has asked the domain registrar to suspend it.

“The diabolical thing is that Josh is a real person at FINRA, so if you took the extra step to Google him, you could easily be fooled,” says Benjamin Brandt, an investment advisor representative with Capital City Wealth Management who received the email. “I have spam filters and an email firewall and it still got through, which really surprised me.”

Some of the emails contain what appears to be an attached PDF file. If clicked, the file directs users to a website prompting them to enter their Microsoft Office or SharePoint password.

Other versions don’t include an attachment and instead attempt to gain the recipient’s trust so a follow-up email can be sent with an attachment or malicious link.

FINRA alerted advisors to the threat via social media, tweeting that firms should delete emails received from “broker-finra.org.”

The regulator also posted a regulatory notice to its website recommending anyone who entered their password to change it immediately and notify the appropriate individuals in their firm. The notice includes an example of the email as well as additional cybersecurity resources for advisors.
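As an added example (not from the article, FINRA, or any vendor named here), a small mail-triage check in Python that flags the traits the article describes: a sender domain that contains "finra" but is not finra.org, a FINRA-themed display name or subject line arriving from a non-FINRA domain, and a PDF attachment from such a domain. The sample messages, mailbox names and firm name are constructed for the demonstration, not real captures.

```python
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT_DOMAIN = "finra.org"               # the regulator's real domain
SUBJECT_MARKER = "finra broker notice"   # phrase from the lure's subject line

def sender_domain(msg):
    """Return the lowercased domain of the From: address ("" if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_legit_domain(domain):
    return domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)

def classify(msg):
    """Return the reasons a message looks like FINRA impersonation.
    An empty list means none of these checks fired."""
    reasons = []
    domain = sender_domain(msg)
    name, _ = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "").lower()
    if not is_legit_domain(domain):
        if "finra" in domain:
            reasons.append(f"lookalike sender domain: {domain}")
        if "finra" in name.lower() or SUBJECT_MARKER in subject:
            reasons.append("FINRA-themed display name or subject from non-FINRA domain")
        if any(p.get_filename("").lower().endswith(".pdf")
               for p in msg.iter_attachments()):
            reasons.append("PDF attachment from non-FINRA domain")
    return reasons

def build(sender, subject, pdf=False):
    """Constructed sample message (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("Your firm's immediate attention is required. See attached.")
    if pdf:  # placeholder bytes standing in for the lure's PDF
        msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                           subtype="pdf", filename="FINRA_Notice.pdf")
    return msg

# Constructed samples: a lookalike-domain lure and a message from the real domain.
PHISH = build("Josh Drobnyk <notices@broker-finra.org>",
              "Action Required: FINRA Broker Notice for Example Wealth", pdf=True)
LEGIT = build("FINRA Notices <notices@finra.org>",
              "Action Required: FINRA Broker Notice for Example Wealth")

if __name__ == "__main__":
    for label, m in (("phish", PHISH), ("legit", LEGIT)):
        print(label, classify(m) or ["no flags"])
```

The checks are deliberately narrow to this lure; in a mail gateway they would sit alongside SPF/DKIM/DMARC results rather than replace them.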


Wes Stillman, CEO of IT and cybersecurity firm RightSize Solutions, said the attack is an update to a similar scheme first detected in February 2019. Because the emails can get past spam filters, Stillman says the scheme shows that cybersecurity awareness is still the surest defense against breaches.

“This is a great reminder that phishing attacks are truly the number one attack vector,” he says.

While new software tools and firewalls help keep advisors safe, they can also create a false sense of complete security. Advisors still need to heed notifications from official FINRA channels and know how to spot a fake.

“Recognition, that’s the key — recognizing a fraudulent email,” Stillman says.
