FINRA Warns of Spoofed Websites Impersonating Real Brokers
Fraudsters Could Use Sites to Steal Personal Data and Send Phishing Emails
The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., is warning that fraudsters have recently started creating spoofed websites and domains using members' real names and images in an attempt to steal personal information and credentials.
In an alert sent Friday, FINRA is warning members that fraudsters are attempting to steer potential victims to these sites to collect personally identifiable information, such as their names, mailing addresses and phone numbers, through contact forms posted on these websites.
"Several firms have recently informed FINRA that malicious actors are using registered representatives' names and other information to establish websites that appear to be the representatives' personal sites and are also calling and directing potential customers to use these imposter websites," according to the FINRA alert. "Imposters may be using these sites to collect personal information from the potential customers with the likely end goal of committing financial fraud."
The fraudsters could then use this personal information to create phishing emails or spread malware, according to the alert. FINRA did not note if any of these fraud attempts had been successful.
Earlier this month, the organization warned that fraudsters had already spoofed a FINRA website as part of an ongoing phishing campaign. This website - www.finnra.org - uses an extra "n" in the domain, the alert said.
FINRA, a government-authorized not-for-profit organization, oversees about 4,250 brokerage firms and exchange markets and has nearly 625,000 registered members, according to the organization's statistics for 2019. It also employs about 3,600 people.
The latest FINRA alert cites three examples of spoofed websites that fraudsters are using to attempt to gather personal information and data. Some of the common features found in these malicious domains include:
- Using a broker's real name as part of the domain name for the spoofed website such as "firstnamemiddlenamelastname.com";
- Including a photo purporting to be the real broker;
- Providing information about the broker's employment history, including the broker's Central Registration Depository number and examination history;
- Asking potential targets to fill out a contact form with the individuals' name, email address, phone number and the subject of the inquiry. The forms also include a space for a message to make it appear more authentic.
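As an added illustration (not part of the FINRA alert or this article), a firm's security team could screen newly observed domains for the two patterns described above: a near-miss of an official domain, such as the extra "n" in www.finnra.org, and a domain built from a representative's name. The roster name, the sample domains, the one-edit threshold and the length guard are assumptions made for the example.

```python
import re

OFFICIAL = {"finra.org"}                      # domain the article says was spoofed
ROSTER = ["Jordan Avery Example"]             # constructed representative name

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def main_label(domain):
    """Label left of the TLD; assumes a single-label TLD such as .com or .org."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def name_variants(full_name):
    """Concatenations a spoofed site might register: all parts, and first+last."""
    parts = re.findall(r"[a-z]+", full_name.lower())
    variants = {"".join(parts)}
    if len(parts) > 2:
        variants.add(parts[0] + parts[-1])
    return variants

def classify(domain, official=OFFICIAL, roster=ROSTER):
    """Return a reason string if the domain deserves review, else None."""
    d = domain.lower().rstrip(".")
    if any(d == o or d.endswith("." + o) for o in official):
        return None                            # the real site or its subdomain
    label = main_label(d)
    for o in official:
        if edit_distance(label, main_label(o)) <= 1:
            return f"lookalike of {o}"
    squashed = label.replace("-", "")
    for name in roster:
        # Length guard (assumption) keeps short names from matching everywhere.
        if any(len(v) >= 8 and v in squashed for v in name_variants(name)):
            return f"uses representative name: {name}"
    return None

if __name__ == "__main__":
    # Constructed sample of newly observed domains.
    for dom in ["www.finnra.org", "jordanaveryexample.com",
                "jordan-example-advisors.com", "www.finra.org", "example.net"]:
        print(f"{dom:30} {classify(dom)}")
```

A flagged domain is only a candidate for review; the content signs the alert lists (photo, registration details, contact form) still have to be checked by hand.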
Although the spoofed websites use the correct spelling of the registered FINRA members' names, the agency notes these sites showed signs of a phishing campaign because they contain "poor grammar, misspellings, odd or awkward phrasings, or misuse financial services terminology," according to the alert.
The FINRA alert also notes that if members have seen their names used as part of these spoofed or malicious domains, they should contact the FBI, the U.S. Securities and Exchange Commission or their state's attorney general's office. FINRA also encourages brokers to contact the domain registrar and demand that the fake site be removed.
Over the past several months, FINRA has noted an uptick in fraudsters using the names of registered brokers, as well as the organization's own employees, as lures for phishing and other schemes. In May, the authority warned of phishing emails using the names of Bill Wollman or Josh Drobnyk, vice presidents of the organization, to trick FINRA members into entering their username and password for a Microsoft Office or SharePoint account (see: FINRA Warns of Phishing Emails Targeting Members).
Other Spoofing Incidents
Since the onset of the COVID-19 pandemic, security experts have warned that fraudsters and cybercriminals are increasingly using spoofed websites and domains to target victims. Many of these are designed using the logos and official language of legitimate organizations and government agencies and programs.
Earlier this month, for example, security firm Malwarebytes reported that a phishing campaign spoofed a COVID-19 loan program run by the U.S. Small Business Administration in an attempt to steal banking credentials and other personal data (see: Phishing Campaign Spoofs SBA Loan Offer).
In April, security researchers reported fraudsters using spoofed websites designed to look like the Federal Reserve and SBA as part of a COVID-19-themed phishing campaign (see: Latest Phishing Campaigns Spoof Federal Reserve, SBA).