The U.S. Financial Industry Regulatory Authority (FINRA) has issued a new regulatory notice warning members of threat actors using registered brokers’ info to create phishing websites.
FINRA is a not-for-profit organization authorized by the U.S. government to regulate member brokerage firms and exchange markets, and to defend American investors by ensuring that the broker-dealer industry functions honestly and equitably.
According to FINRA, the organization oversees over 624,000 brokers across the U.S. and it analyzes billions of market events every day.
Fake brokerage sites used for phishing
The imposter websites mentioned in FINRA’s alert are being used as phishing landing pages that will ask potential customers for personal information “with the likely end goal of committing financial fraud.”
“The websites reported to FINRA to date use the correct spelling of the representative’s name unlike some of the imposter firm websites FINRA observed last year that sometimes used common misspellings of a name or visually similar character substitutions,” the regulator says.
Several FINRA member firms have observed the fraudsters establishing such phishing sites, with multiple reports saying that the scammers are actively calling potential victims and directing them to their phishing pages.
Example phishing sites (FINRA)
 |
 |
 |
Besides obvious signs of phishing attempts like “poor grammar, misspellings, odd or awkward phrasings, or misuse financial services terminology,” the imposter websites used in this campaign also include the following common features:
• they use the registered representative’s name as the domain name for the website (e.g., firstnamemiddlenamelastname.com);
• they include a picture purporting to be the registered representative;
• they provide information about the registered representative’s employment history, including prior employers’ CRD numbers and examination history;
• they are asking individuals to fill out a contact form with the individuals’ names, email addresses, phone numbers, the subject of the inquiry and space for a message.
While no reports have mentioned this tactic being used yet, the threat actors might also use the domains as part of an e-mail based phishing campaign, with messages potentially delivering malware or embedded links redirecting targets to the phishing sites.
FINRA members are advised to report any incidents related to such imposter sites to the FBI, as well as to notify FINRA, the U.S. Securities and Exchange Commission (SEC), or other securities or financial regulators of the phishing attempt.
Previous phishing alerts issued by FINRA
Earlier this month, FINRA warned members of attackers using a copycat site hosted at finnra[.]org that included a registration form used by malicious actors to harvest personal information that could later be used in phishing attacks targeting FINRA members.
In May, FINRA has issued another security alert warning members of a “widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers,” including but not limited to Bill Wollman and Josh Drobnyk, two of the organization’s vice-presidents.
The attackers were delivering malicious attachments and links redirecting to phishing sites through emails sent from the broker-finra[.]org domain (not connected with FINRA), as well as PDF documents that sent potential victims to a site designed to steal their Microsoft Office or SharePoint passwords.
Last year, in February, FINRA published an information notice to alert of phishing emails targeting member firms using a USA Patriot Act provision relating to the ability of financial institutions to share info with each other for additional authenticity.
To read the original article: https://www.bleepingcomputer.com/news/security/us-financial-regulator-warns-of-phishing-sites-impersonating-brokers/