The U.S. Financial Industry Regulatory Authority (FINRA) warned about threat actors targeting users with spoofed websites and domains to steal sensitive information. Attackers are using FINRA members’ real names and images to trick users into believing that they are legitimate.
FINRA regulates member brokerage firms and exchange markets. In a security alert, the agency stated that phishing attacks via fake websites are on the rise. This is because attackers are using registered brokers’ data to create phishing emails and imposter websites. The fake emails are embedded with phishing links or malicious attachments that contain malware. Several members fell victim to these sites, compromising their personally identifiable information (PII) like names, email addresses, and contact details.
Several firms have recently informed FINRA that malicious actors are using registered representatives’ names and other information to establish websites that appear to be the representatives’ personal sites, and are also calling and directing potential customers to use these imposter websites. Imposters may be using these sites to collect personal information from potential customers with the likely end goal of committing financial fraud.
Trace the Phish
The imposter domains used in this phishing campaign include common features like:
- Using the registered representative’s name as the domain name for the website as in firstnamemiddlenamelastname.com.
- Including a picture purporting to be the registered representative.
- Providing information about the registered representative’s employment history, including prior employers’ CRD numbers and examination history.
- Asking individuals to fill out a contact form with the individuals’ names, email addresses, phone numbers, the subject of the inquiry and space for a message.
FINRA stated that the imposter websites contain poor grammar, misspellings, odd or awkward phrasings, or misuse financial services terminology. It advised member firms and registered representatives to take the necessary security measures to identify such phishing webpages and emails.
Homoglyph Phishing Attacks
Security experts from Malwarebytes discovered cybercriminals combining fake domains with favicons to launch “homoglyph attacks.” The attackers used the homoglyph attack (also known as a homograph attack, script spoofing, or homograph domain name spoofing) in phishing scams, in credit card skimming attacks, and on several domain names to load the Inter skimming kit inside a favicon, a file containing one or more small icons associated with a particular website.
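For firms that monitor newly observed domains, the sketch below checks for the firstnamemiddlenamelastname.com pattern listed under "Trace the Phish" and also catches look-alike (homoglyph) spellings of the same names. It is an added example, not code from FINRA or Malwarebytes. The names, domains, the short look-alike table and the firstnamelastname variant are all assumptions made for illustration.

```python
import unicodedata

# Small constructed subset of Cyrillic look-alikes (assumption: a production
# check would load the full Unicode confusables data instead).
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0456": "i",
                             "\u0458": "j", "\u0501": "d"})

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding punycode (xn--)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: compare it as written
    return label

def skeleton(text):
    """Fold case, compatibility forms and look-alikes; keep letters and digits."""
    folded = unicodedata.normalize("NFKC", text).lower().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def name_keys(full_name):
    """firstnamemiddlenamelastname, plus firstnamelastname (added assumption)."""
    parts = [skeleton(p) for p in full_name.split()]
    keys = {"".join(parts)}
    if len(parts) > 2:
        keys.add(parts[0] + parts[-1])
    return keys - {""}

def flag_imposters(domains, representatives, known_good=()):
    """Return (domain, representative, kind) for domains named after a rep."""
    allowed = {d.lower() for d in known_good}
    findings = []
    for domain in domains:
        labels = domain.rstrip(".").split(".")
        if domain.lower() in allowed or len(labels) < 2:
            continue
        raw = decode_label(labels[-2])  # label immediately left of the TLD
        for rep in representatives:
            if skeleton(raw) in name_keys(rep):
                kind = "name-match" if raw.isascii() else "homoglyph"
                findings.append((domain, rep, kind))
    return findings

# Constructed sample data: every name and domain here is invented.
REPS = ["Jane Quinn Doe", "Rahul Mehta"]
CYRILLIC = "xn--" + "j\u0430nequinndoe".encode("punycode").decode("ascii")
OBSERVED = ["janequinndoe.com", CYRILLIC + ".com", "rahul-mehta.net",
            "examplebrokerage.com"]
```

Pass the firm's own legitimate representative sites in `known_good` so they are not reported; anything else returned by `flag_imposters(OBSERVED, REPS)` is a candidate for manual review against the other features in the list (photo, CRD history, contact form).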