(New) FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic
The COVID-19 pandemic is affecting most aspects of our society and daily lives, as well as the U.S. economy and markets. Events with such profound impact routinely create opportunities for financial fraud. Firms and their associated persons should be aware of and take appropriate measures to address the increased risks and challenges presented during the COVID-19 pandemic. In addition to new scams focusing on COVID-19, previous scams may also find new life as fraudsters adapt to and exploit recent events and related vulnerabilities, especially those related to the remote working environment.
FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments relating to COVID-19, which can be found on FINRA’s COVID-19/Coronavirus Topic Page.
FINRA will also continue to inform the industry on emerging cybersecurity trends and related frauds, and reminds firms to review resources on FINRA’s Cybersecurity Topic Page, which provides information on how firms can strengthen their cybersecurity programs.
• FINRA Regulatory Notice 20-13 (May 5, 2020): FINRA Reminds Firms To Beware Of Fraud During The Coronavirus (COVID-19) Pandemic
(New) FINRA Warns of Fraudulent Phishing Emails Purporting To Be From FINRA
FINRA warns member firms of a widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers, including Bill Wollman and Josh Drobnyk. These emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to your firm. In at least in some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information. In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password. FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident.
The domain of “broker-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name. In addition, FINRA has requested that the Internet domain registrar suspend services for “broker-finra.org”.
• FINRA Regulatory Notice 20-12 (May 4, 2020): FINRA Warns of Fraudulent Phishing Emails Purporting To Be From FINRA
(New) Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic
As work processes adjust in response to COVID-19, firms and their associated persons should take appropriate measures to address increased vulnerability to cybersecurity attacks and to protect customer and firm data on firm and home networks, as well as devices.
This alert provides firms and associated persons with measures they may use to help strengthen their cybersecurity controls in areas where risks may increase in the current environment. In particular, FINRA understands the resource challenges that small firms may face, but hopes that the information included below may help them address possible cybersecurity issues associated with remote work.
However, this alert does not provide an exhaustive list of steps that firms and associated persons should consider. Further, the alert is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.
FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments on FINRA’s COVID-19/Coronavirus Topic Page. New information will be posted on that webpage as it becomes available.
• FINRA Information Notice (March 26, 2020): Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic
Cybersecurity Alert: Cloud Based Email
Several member firms recently notified FINRA that they have experienced email account takeovers (ATOs) while using cloud-based email platforms, including Microsoft Office 365 (O365). Attackers used compromised email accounts to defraud member firms by requesting fraudulent wire requests or stealing confidential firm information or non-public personally identifiable information (PII).
This Notice outlines the attackers’ tactics in executing ATOs, as well as steps taken by member firms to address ATO risks when using cloud-based email systems.
• FINRA Information Notice (October 2, 2019): Cybersecurity Alert: Cloud Based Email Account Takeovers
Imposter Websites Impacting Member Firms
Several member firms have recently notified FINRA that they have been victims of imposter websites—which are sites designed to mimic a firm’s actual website with the end goal of committing financial fraud. This Notice outlines steps firms can take to monitor for imposter websites and what to do if an imposter website is found.
• FINRA Information Notice (April 29, 2019): FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations
FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms
FINRA warns member firms to be on the lookout for a fraudulent phishing email that is currently circulating. Brokerage firms reported to FINRA that they have received suspicious emails targeting their compliance personnel. The email appears to be from a legitimate credit union attempting to notify the firm about potential money laundering involving a purported client of the firm. The email directs the recipient to open an attached document—which likely contains a malicious virus or malware designed to obtain unauthorized access to the recipient’s computer network. As a reminder, phishing scams are ever-changing and are designed to infiltrate the computer network of the recipient. Use caution when opening emails from unknown senders and do not open attachments until you verify the sender and information that might be included in the document.
• FINRA Information Notice (February 13, 2019): FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms
FINRA Report on Cybersecurity Practices
This report continues FINRA’s efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.
When selecting the topics for this report, FINRA considered the evolving cybersecurity threat landscape, firms’ primary challenges and the most frequent cybersecurity findings from our firm examination program. First, we address how firms have strengthened their cybersecurity controls in branch offices, which is especially important for firms with decentralized business models. Second, we discuss limiting phishing attacks, which remain a top cybersecurity challenge for many firms. Third, we explain the importance of identifying and mitigating insider threats, which are of concern for many firms. Fourth, we describe the elements of a strong penetration testing program. Finally, we share observations regarding establishing and maintaining controls on mobile devices, which have emerged as a significant risk for many firms because of their increasingly widespread use by employees and customers.
FINRA Warns Firms of Regulator Impersonators
Recently, FINRA has received reports of member firms receiving telephone calls from persons claiming to work for FINRA in an attempt to deceive firms into revealing confidential information. FINRA is notifying firms that these individuals may be impersonators. Firms that receive telephone calls or emails purportedly from someone at FINRA requesting any type of information— confidential or otherwise—should use caution and verify the identity of the caller or sender before providing any information or responding to an email.
• FINRA Information Notice (July 13, 2018): FINRA Warns Firms of Regulator Impersonators
SEC Investor Bulletin
The SEC’s Office of Investor Education and Advocacy issued this Investor Bulletin to help investors protect their online investment accounts from fraud. As with all web-based accounts, investors should take precautions to help ensure that their online investment accounts remain secure. These online security tips can help.
• SEC Investor Bulletin: Protecting Your Online Accounts from Fraud (April 26, 2017)
A Small Entity Compliance Guide: Final Model Privacy Form Under the Gramm-Leach-Bliley Act
The model privacy form is designed to make it easier for consumers to understand how financial institutions collect and share their personal financial information and to compare different institutions' information practices. For a guide to implementing these procedures visit: https://www.sec.gov
FINRA Cybersecurity Topic Page
Given the evolving nature, increasing frequency, and sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for FINRA. Visit the link below for more information on related rules, notices, guidance, news and investor education