FINRA released a regulatory notice warning all member firms of a phishing campaign in which an unknown party impersonated FINRA. Phishing is a cybercrime in which targets are contacted, usually by email, by someone posing as a legitimate organization in order to lure them into disclosing sensitive data. The email impersonating FINRA was sent from addresses at the domain “regulation-finra.org” and asked recipients to provide information through a fraudulent survey. FINRA emphasized that it has no connection to the domain “regulation-finra.org” and asked firms to delete any email received from it.
FINRA recommends that anyone who accidentally clicked the link or image in the email notify the appropriate personnel at their firm. FINRA reminds all member firms to verify the legitimacy of emails before responding, opening attachments, or clicking any links. FINRA recommends that firms take precautions against phishing attacks by:
- Creating policies and procedures to specifically address phishing;
- Implementing email scanning and filtering to monitor and block phishing attempts;
- Regularly training employees on phishing and firm policies and procedures;
- Reporting such attacks to cybersecurity information-sharing organizations; and
- Conducting regular simulated phishing email campaigns to evaluate employee understanding of and compliance with the firm’s policies and procedures.
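The lookalike domain in this notice is a good illustration of what the recommended email filtering has to catch: a sender domain that contains the brand name but is not the brand’s real domain. The following is an added example, not code from FINRA or from the notice, of a simple sender-domain check of the kind a mail-filtering rule or a triage script could apply. It assumes that FINRA’s legitimate registrable domain is finra.org (taken here as an assumption; a firm should confirm the sending domains against FINRA’s own guidance), and the sample From headers are constructed for the example.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# ASSUMPTION for this example: the brand's real registrable domain(s).
# A firm should populate this from the organisation's published guidance.
LEGITIMATE_DOMAINS = {"finra.org"}
BRAND_TOKENS = {"finra"}

# Constructed sample From headers (not real messages). The second one mirrors the
# pattern described in the notice: the brand name embedded in a different domain.
SAMPLE_FROM_HEADERS = [
    "FINRA Alerts <alerts@finra.org>",
    '"FINRA Regulation" <survey@regulation-finra.org>',
    "compliance@flnra.org",
    "FINRA Support <support@example.com>",
    "Weekly Newsletter <news@example.com>",
]


def sender_domain(from_header):
    """Return the lower-cased domain part of the address in a From header, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().strip(".")


def registrable_domain(domain):
    """Naive registrable domain: the last two labels (alerts.finra.org -> finra.org).
    Good enough for .org/.com; a production filter would use the Public Suffix List."""
    labels = domain.split(".")
    return ".".join(labels[-2:])


def classify_sender(from_header):
    """Classify a From header as one of:
       'legitimate'   - registrable domain is on the allowlist
       'lookalike'    - domain embeds or closely resembles the brand, but is not allowlisted
       'display_spoof'- brand appears only in the display name, domain is unrelated
       'unrelated'    - nothing brand-like about it
       'malformed'    - no usable address
    """
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if domain is None:
        return "malformed"

    reg = registrable_domain(domain)
    if reg in LEGITIMATE_DOMAINS:
        return "legitimate"

    second_level = reg.split(".")[0]
    for brand in BRAND_TOKENS:
        # Brand embedded in the second-level label, e.g. regulation-finra.org
        if brand in second_level:
            return "lookalike"
        # Near-miss spelling, e.g. flnra.org (ratio threshold chosen for this example)
        if SequenceMatcher(None, brand, second_level).ratio() >= 0.8:
            return "lookalike"
        # Brand only in the display name while the domain is something else entirely
        if brand in display_name.lower():
            return "display_spoof"
    return "unrelated"


def scan_headers(headers):
    """Return {header: verdict} for every header that is not plainly legitimate or unrelated."""
    return {
        h: verdict
        for h in headers
        if (verdict := classify_sender(h)) in ("lookalike", "display_spoof", "malformed")
    }


if __name__ == "__main__":
    for header, verdict in scan_headers(SAMPLE_FROM_HEADERS).items():
        print(f"{verdict:13s} {header}")
```

Checks like this only look at the visible sender; they complement, rather than replace, SPF/DKIM/DMARC evaluation, since an attacker who registers their own lookalike domain can pass those checks for that domain. The value here is catching the brand-in-the-wrong-domain pattern before a user ever sees the message.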