Security News > 2021 > March > Ongoing phishing attacks target US brokers with fake FINRA audits
The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.
The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.
While FINRA rarely issues such regulatory notices, the regulator has published four of them last year, with two of them informing of phishing attacks targeting brokers' information.
One of them, reported during December 2020, warned brokers of similar phishing attacks using another domain that spoofed a legitimate FINRA website.
In October, another notice alerted member firms of widespread phishing attacks using surveys to harvest sensitive information.
Org with a fake registration form for collecting personal info later to be used in spear-phishing attacks directed at FINRA members.
News URL
Related news
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)