Phish bait in emails causes a lot of information security disasters. Recently, cybercriminals impersonated the largest self-regulatory organization overseeing brokerage firms in the US, the Financial Industry Regulatory Authority (FINRA). A simple trick lets them borrow the name of such a vital organization. The phish bait story is chilling. Fortunately, if you know what to look for, this scam is easy to spot!
The phishing email opens with the alarming subject line “ATTN: FINRA COMPLIANCE AUDIT”. It is sent from supports@finra-online and asks you to review an attached document and respond immediately. The short message closes with
“If you've got more questions regarding this letter don't hesistate to contact us.”
Anyone who falls for this scam and downloads and opens the attachment will find that the “document” is actually malware.
Here’s how you can stay safe from similar attacks:
By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.
Watch for poor spelling and grammar in supposedly official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate”.
Check who sent the email, and look at the domain after the @ sign rather than the display name. In this case, while the email address included the name FINRA, it did not use FINRA's official domain, finra.org.
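The sender check above is easy to get wrong by hand: a display name can say “FINRA”, a lookalike domain can contain “finra”, and only the registrable domain after the @ sign tells you anything. The following Python is an added example written for this page, not code from the original post or from FINRA. It assumes finra.org is the only legitimate domain (as the page states) and uses constructed sample headers; the finra-online address is given a made-up .example suffix because the page does not show the full domain.

```python
from email.utils import parseaddr

# Official domain named on the page. Any other domain is a lookalike candidate.
OFFICIAL_DOMAINS = {"finra.org"}
# Brand tokens whose presence outside an official domain marks an impersonation attempt.
BRAND_TOKENS = ("finra",)


def sender_domain(from_header: str) -> str:
    """Return the lowercase domain of the addr-spec in a From: header.

    parseaddr splits the display name from the actual address, so a spoofed
    display name such as 'FINRA Compliance <x@mail.example>' yields 'mail.example'.
    """
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_official(domain: str) -> bool:
    """True only for an official domain or a proper subdomain of one.

    The dot-boundary check matters: 'finra.org.evil.example' and
    'evilfinra.org' must NOT pass, while 'notify.finra.org' must.
    """
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_sender(from_header: str) -> str:
    """Classify a From: header as 'official', 'lookalike', 'unrelated' or 'unparseable'.

    'lookalike' is the pattern the FINRA-themed phish used: the brand name appears
    in the display name or the domain, but the domain is not the official one.
    """
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if is_official(domain):
        return "official"
    haystack = (name + " " + domain).lower()
    if any(token in haystack for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# Constructed sample headers (not taken from a real mailbox).
SAMPLE_HEADERS = [
    "FINRA Compliance <compliance@finra.org>",      # genuine domain
    "supports@finra-online.example",               # lookalike domain, .example suffix is made up
    "FINRA Audit Team <noreply@mailer.example>",   # brand only in the display name
    "alerts@notify.finra.org",                     # legitimate subdomain
    "admin@finra.org.evil.example",                # official domain used as a subdomain label
    "newsletter@shop.example",                     # no brand reference at all
]


def triage(headers):
    """Map each From: header to its classification."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS).items():
        print(f"{verdict:12} {header}")
```

The point of the example is that a naive "does the address mention FINRA?" test would wave through the lookalike and the display-name spoof, while the suffix match with a dot boundary rejects both and still accepts a real subdomain. Checking the domain this way is a user-side habit; a mail gateway would additionally check SPF, DKIM and DMARC alignment for the same domain.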