The Financial Industry Regulatory Authority warned broker-dealers Wednesday to be on the lookout for a phishing email targeting compliance personnel.
Brokerage firms have reported to FINRA that the email appears to be from a legitimate credit union attempting to notify the firm about potential money laundering involving a purported client of the firm.
“The email directs the recipient to open an attached document — which likely contains a malicious virus or malware designed to obtain unauthorized access to the recipient’s computer network,” FINRA states in an Information Notice.
Phishing scams are ever-changing and are designed to infiltrate the computer network of the recipient, FINRA points out.
The BDs reported receiving suspicious emails from a purported BSA-AML compliance officer working at what appears to be a legitimate Indiana-based credit union.
The email references a transfer of money made by a firm client to the credit union, a transaction that according to the email was placed on hold due to concerns about potential money laundering, FINRA says.
“The email contains an attachment that, if opened, could pose security risks to the firm,” FINRA states. “The sender attempted to give some legitimacy to the email by including a reference to a provision of the USA Patriot Act that relates to the ability of financial institutions to share information with each other.”
Attachments from unknown sources should not be opened unless cleared by your network security provider, FINRA warns.
The email contains red flags of potential fraud, including:
- an email address that appears to be from Europe, rather than the U.S.-based credit union;
- numerous instances of poor grammar and sentence structure; and
- a request that the recipient open the email attachment for more details.