Cybersecurity Alert: Cloud-Based Email Account Takeovers (Information Notice 10.2.19)

Cybersecurity has become a continuous concern as hackers constantly create new ways of gaining private information from their targets, leaving firms vulnerable to attacks. Although firms are required to implement policies and procedures to protect customer information pursuant to SEC Regulation S-P, it is difficult to anticipate every threat or hazard that could occur. FINRA’s latest Information Notice, published on October 2, 2019, discussed email account takeovers (ATOs) on cloud-based email platforms, including Microsoft Office 365.

The Information Notice states that attackers used compromised email addresses to make fraudulent wire requests, and/or steal confidential firm information and install malware in users’ accounts. Tactics used to conduct the ATOs included:

Phishing – Targeted email attacks used to coax real users into providing personal, sensitive data to hackers

Credential Stuffing – Using a list of usernames and passwords to log in to various websites until a match is found

Brute Force Attacks – Trying different usernames and passwords to gain access to encrypted data or specific software


Once an attacker gains access to an account, the attacker will monitor the account for identifiable patterns in email traffic, communications with clients and opportunities for other attacks. Once attackers believe they have monitored an account sufficiently, they carry out the attack. Hackers are able to hide their illicit activity by changing the email settings of the compromised email address.

Although there is no single way to eliminate the threat of cyber-attacks, there are ways to mitigate risk. Some of the ways to prevent ATO cyber-attacks include:

Two-Factor Authentication – Requires users to enter a PIN sent to their mobile devices whenever logging into an account outside the firm’s network

Email Archiving – All emails should be backed up to another location or system in addition to the firm’s server

Training – Implementing a training program to educate registered representatives on the tactics hackers use to breach cybersecurity


In the event of an ATO cyber-attack, countermeasures include:

• Disabling the compromised email account
• Copying the compromised email account
• Reviewing the email account content to ensure sensitive information is not compromised
• Ensuring all malware was deleted from accounts


Olivia Scuteri, CAMS

SENIOR COMPLIANCE ANALYST, COMPLIANCE AND RISK MANAGEMENT
