FINRA Issues Phishing Warning to Brokerage Firms

The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients.

The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the suspected money laundering activity in an attached document. The messages claim the attachment contains information about a financial transaction made by one of the firm’s clients to the credit union and that the credit union has placed a hold on the transaction due to suspected money laundering. The emails also reference the US Patriot Act to add further legitimacy to the scam.

FINRA has received several notifications from brokerage firms that claim to have received these suspicious emails. FINRA suspects the email attachment contains malicious code that downloads malware.

While no details about the malware used in the campaign are provided, FINRA warns that it poses a security risk. Malware could be used to log keystrokes to gain access to accounts, steal other sensitive information, or could potentially give the attackers full control of an infected device.

While the name of a legitimate USA credit union is used, the email address used in the scam appears to have been registered in Europe rather than the USA. The sentence structure in the emails is poor and there are grammatical errors. Further, no information about the transaction or the client is provided in the email body. An attachment needs to be opened to find out further information. These are all warning signs that the emails are not genuine, but busy employees of member firms may not notice these red flags.

FINRA recommends exercising caution when opening emails and warns that email attachments should never be opened unless the sender and the information that may be included in the attachment can be verified.

Author: NetSec Editor