The US Financial Industry Regulatory Authority (FINRA) has issued a rare cyber-security alert today warning member organizations of “a widespread, ongoing phishing campaign.”
FINRA said the malicious emails were aimed at stealing Microsoft Office and SharePoint account passwords from its member organizations.
FINRA, which is a private industry group that works as a self-regulatory body for brokerage firms and exchange markets, said the campaign is still ongoing.
According to the security alert, the phishing emails were sent using the domain of “@broker-finra.org,” and made to look like they were sent by Bill Wollman and Josh Drobnyk, two of FINRA’s vice presidents.
FINRA said the phishing emails included an attached PDF file that contained a link redirecting users to a website prompting members to enter their respective Microsoft Office or SharePoint passwords.
“FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident,” said Dave Kelley, FINRA Director of Member Supervision Specialist Programs.
Kelley also warned that some of the emails coming from the broker-finra.org domain used a second, more stealthy tactic.
“In at least in some cases, the emails do not actually include the attachment,” Kelley said. “They may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information.”
If attackers would be successful in their attacks, they would gain access to Office accouns belonging to some of the most powerful brokerage players on the New York Stock Exchange.
According to its website, FINRA claims it oversees the daily activities of more than 634,000 registered brokers.
A FINRA spokesperson wasn’t available for comment beyond the information offered in the security alert. A sample email FINRA members have been receiving is embedded below.