Security News > 2021 > March > Ongoing phishing attacks target US brokers with fake FINRA audits
The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.
The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.
While FINRA rarely issues such regulatory notices, the regulator has published four of them last year, with two of them informing of phishing attacks targeting brokers' information.
One of them, reported during December 2020, warned brokers of similar phishing attacks using another domain that spoofed a legitimate FINRA website.
In October, another notice alerted member firms of widespread phishing attacks using surveys to harvest sensitive information.
Org with a fake registration form for collecting personal info later to be used in spear-phishing attacks directed at FINRA members.
News URL
Related news
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- 2024 phishing trends tell us what to expect in 2025 (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- US cities warn of wave of unpaid parking phishing texts (source)