The U.S. Financial Industry Regulatory Authority (FINRA) issued a Regulatory Notice (“Notice”) warning member firms of a phishing email impersonating the organization.
We have summarized key points from the Notice below.
In the announcement, FINRA warns of a spike in fraudulent emails targeting registrants, asking firms to complete a questionnaire.
Recommendations
The organization then outlines several observations and considerations for broker-dealers and investment firms, including:
- The email’s sender name begins with “info” followed by a number and the domain “@regulation-finra.org.” For example, info8@regulation-finra.org.
- The email source is not connected to FINRA.
- Member firms should delete all communications originating from the aforementioned domain name.
- Do not click on suspicious links in digital communications.
- Further questions regarding this Notice should be directed to FINRA. For contact details, see here: https://www.finra.org/rules-guidance/notices/20-35
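The sender indicator above can be turned into a mail-filter check. The following is an added example, not code from FINRA or Align: it labels messages by their From header, and the "lookalike-domain" and "display-name-only" labels generalize beyond the Notice. The sample messages and the names `classify` and `scan` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicator from the Notice as summarized above: "info" + a number at this domain.
NOTICE_DOMAIN = "regulation-finra.org"
NOTICE_SENDER = re.compile(r"info\d+@regulation-finra\.org")
FINRA_DOMAIN = "finra.org"  # domain of the Notice URL cited above

def in_domain(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def classify(raw_message):
    """Label one RFC 5322 message by its From header only.

    The From header can be forged, so "ok" means "no indicator matched",
    not "authentic"; SPF/DKIM/DMARC results are out of scope here.
    """
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    addr = addr.strip().lower()
    domain = addr.rpartition("@")[2].rstrip(".")
    if NOTICE_SENDER.fullmatch(addr):
        return "notice-sender"        # exact pattern named in the Notice
    if in_domain(domain, NOTICE_DOMAIN):
        return "notice-domain"        # any other mailbox at that domain
    if in_domain(domain, FINRA_DOMAIN):
        return "ok"
    if "finra" in domain:
        return "lookalike-domain"     # generalization, not from the Notice
    if "finra" in display.lower():
        return "display-name-only"    # generalization, not from the Notice
    return "ok"

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "FINRA Support" <INFO8@Regulation-FINRA.org>\nSubject: Survey\n\nbody',
    "From: survey@regulation-finra.org\nSubject: Survey\n\nbody",
    "From: Notices <alerts@finra-compliance.example>\nSubject: Action\n\nbody",
    'From: "FINRA Member Desk" <desk@mailer.example>\nSubject: Action\n\nbody',
    "From: someone@finra.org\nSubject: Notice\n\nbody",
]

def scan(messages):
    return [classify(m) for m in messages]

if __name__ == "__main__":
    for raw, label in zip(SAMPLES, scan(SAMPLES)):
        print(f"{label:18} {raw.splitlines()[0]}")
```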
Align’s Take
To help prevent broker-dealers and investment firms from falling victim to cyber scams, we offer the following guidelines and resources:
- Align’s Managed Services team has designed an industry-specific Security Awareness Training program that incorporates simulated cyber-attacks, such as phishing campaigns, to help broker-dealers and investment firms identify and thwart social engineering scams.
- Approach emails with extreme caution, especially those that convey urgency or ask you to download something or perform an action immediately.
- Always examine the “from” field in emails to check for a questionable address.
- Never click on a link without hovering first and verifying its legitimacy.
- If you believe you are a victim of this scam, we recommend contacting your managed services provider (MSP) or IT provider.
Do you have further questions or cybersecurity concerns?
For Align Managed Services customers, we advise you to contact your account manager, Abe Thomas, at athomas@align.com or call +1 212-546-6124.
For all other clients and colleagues, Align recommends reaching out to John Araneo at cyber@align.com or via phone at +1 212-844-4030.