Phishers target investment brokers, aim for Office, SharePoint login credentials

Phishers are trying to trick investment brokers into sharing their Microsoft Office or SharePoint login credentials by impersonating FINRA, a non-governmental organization that regulates member brokerage firms and exchange markets.

Phishers target investment brokers with malicious emails

The “widespread, ongoing phishing campaign” takes the form of emails purportedly sent by FINRA VPs Bill Wollman and Josh Drobnyk from @broker-finra.org email addresses.

They can contain an attached document or a malicious link, though occasionally they are just are simply a way to elicit a response and gain the recipient’s trust before sending an email with an infected attachment or link or a request for confidential firm information.

“In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password,” FINRA noted.

The organization has requested that the Internet domain registrar suspend services for the broker-finra.org domain, but attackers can easily register another convincing one, so securities firms and brokers are advised to always be on the lookout for suspicious emails and to verify their legitimacy before responding to them or interacting with them.