FINRA ADVISES BEWARE OF EMAIL SCAMMERS AS NEW SCHEMES RISING DAILY
In recent times, scammers have been consistently preying on the financial services industry. Remarkably, they often succeed in singling out their prey based on reports from cybersecurity regulators and experts.
“It’s almost as if many of these fraudsters have worked in financial services in the past,” Gregory Markovich, the regulatory Administrator at FINRA’s Chicago District Office, announced at the SRO’s 2020 Cybersecurity conference in New York City.
“They know how call centres operate, they know how back office processes operate, and they leverage that,” added Markovich, who is also one of FINRA’s foremost cybersecurity specialist.
Spotting Potential Fraud
In 2019 TD Ameritrade discovered a billion attempts at accessing credential filling, where credentials such as user identifications are obtained to gain access to accounts and passwords. According to Paul Nickelson, a director at the corporation’s Fusion Center, TD Ameritrade didn’t incur costs from those operations, he said.
The Fusion Center is a strategy hub concentrated on enhancing detection and deterrence of investment hazards. The hub specializes on safeguarding investments and protecting the privacy of customers, security and trust.
FINRA itself also doesn't seem immune to the attempted cyber-attacks and has been constantly receiving dubious emails.
There was an attempt the morning of the conference, announced Barry Suskind, FINRA’s Senior Director of Information Security Architecture. The scammer used data assumed to have been retrieved from LinkedIn.
“They see who’s on your payroll staff on LinkedIn, who’s on your development staff, and they’ll send personalized messages: ‘Hi, Bob, I have some programs I’d like you to download, can you get in touch with me?"' Suskind explained.
Being vigilant at the employee level is the main element of security against cyberattacks according to the administrators, who specified what advisors, their staff and home office employees should look out for.
The Gift Card and Inheritance Scheme
Anyone could receive a phishing email from an imposter with details as though it was a senior executive in their institution demanding gift cards.
“So, if I see something coming from [FINRA president and CEO] Robert Cook, people tend to pay less attention to the email address,” Suskind illustrated as an instance.
In a special fraudulent scheme, volumes of emails that purported to come from FINRA’s CEO portrayed FINRA as a “recognized financial manager of the IMF,” declaring an inheritance to the prey, notifying them that “approval has been granted for the release and payment of your outstanding inheritance fund.”
The scheme however requires the scapegoat to travel to another country outside of the jurisdiction of any U.S. regulator or law enforcement officer, to collect the “inheritance.” In these quack emails, the victims are requested to deliver personal data, containing a copy of identification like data pages of passports, which is a popular stunt used in phishing scams.
However, there has not been one FINRA lawsuit against scammers as they stay hidden behind false identities and Virtual Private Networks (VPN).
