A new phishing campaign is targeting members of the Financial Industry Regulatory Authority (FINRA), with emails purporting to be from FINRA officers. The goal is to obtain the members’ user names and passwords for Microsoft Office or SharePoint.
Hacking a network or a protected system is difficult, but attackers have a much easier time when they hold real, valid login credentials. One way to obtain such private data is through data breaches, but a more conventional method is a technique known as spearphishing.
In the case of the FINRA phishing attack, members of the organization are directly targeted with emails explicitly crafted for them. The emails imitate FINRA’s domain name by using “broker-finra.org”, which is not connected to FINRA.
“These emails have a source domain name ‘@broker-finra.org’ and request immediate attention to an attachment relating to your firm,” says the FINRA advisory. “In at least some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information.”
Some of these phishing emails might contain an attachment that redirects people to a website where they are asked for Microsoft Office or SharePoint passwords. Many companies use numerous Office 365 services, and an attacker with the right credentials can use them to get a foothold.
FINRA advises anyone who entered their password to change it immediately and notify the appropriate individuals in their firm. Employees should also pay attention to incoming emails, verify that they come from known contacts, and be wary of websites and other online resources that ask them to submit user names and passwords usually reserved for their organizations.
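As an added example (not from FINRA’s advisory or the original article), the sender check described above can be automated at the mail gateway: the Python below classifies a From header against an allowlist and flags domains that merely contain the brand name, such as “broker-finra.org”. The allowlisted domain finra.org, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: allowlist of domains the organisation really sends from.
LEGIT_DOMAINS = {"finra.org"}
BRAND = "finra"  # token an impersonator is likely to embed

def split_sender(from_header):
    """Return (display_name, lower-cased sender domain) from a From header."""
    name, addr = parseaddr(from_header)
    _local, at, domain = addr.rpartition("@")
    return name, (domain.lower().rstrip(".") if at else "")

def is_legit(domain):
    # Exact match or a true subdomain only. A bare endswith("finra.org")
    # would wrongly accept "notfinra.org".
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)

def classify_sender(from_header):
    """Classify a From header as legitimate, lookalike, spoofed or unrelated."""
    name, domain = split_sender(from_header)
    if not domain:
        return "unparseable"
    if is_legit(domain):
        return "legitimate"
    if BRAND in domain:
        return "lookalike-domain"      # e.g. broker-finra.org
    if BRAND in name.lower():
        return "display-name-spoof"    # brand only in the friendly name
    return "unrelated"

# Constructed sample headers; only broker-finra.org comes from the advisory.
SAMPLES = [
    '"FINRA Officer" <officer@broker-finra.org>',
    "Compliance <notices@finra.org>",
    "alerts@mail.finra.org",
    "Support <help@notfinra.org>",
    '"FINRA Compliance" <info@example.net>',
    "Newsletter <news@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

Substring matching does not catch character substitutions in the brand name, so treat the verdict as one signal alongside SPF, DKIM and DMARC results.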
Targeted phishing campaigns are more common than you might think. Just last week, Bitdefender identified a new phishing campaign directed at the Standard Bank of South Africa, with tens of thousands of emails sent in just one month.