Fraud continues to be a major challenge that broker-dealers face during the COVID-19 pandemic, with the “biggest potential problem” being phishing attacks, according to Bill Wollman, an executive vice president at the Financial Industry Regulatory Authority and head of its office of Financial and Operational Risk Policy.
Issues that “have to be thought about” include the fact that many BDs are now working remotely, may not have strong passwords and may not have downloaded the latest security upgrades for their computers, he said during a recent “Virtual Fireside Chat” that was part of the Securities Industry and Financial Markets Association’s webinar series. All BDs and advisory firms should be monitoring these security issues, he told viewers.
In a recent phishing scam, somebody was using his name and FINRA’s in an email that included an attachment, he recalled, warning that BDs should be wary of emails containing misspellings and domain names that are slightly off. The staffs of BD firms need to be aware that there are people trying to do them harm during the pandemic, he said, noting that FINRA had set up a fraud task force.
Wollman advised that BDs reach out to FINRA, the Securities and Exchange Commission or the Federal Bureau of Investigation if they have concerns about potential fraud and scams.
In Regulatory Notice 20-12, issued earlier this month, FINRA warned of “a widespread, ongoing phishing campaign that involves fraudulent emails” that claim to be from FINRA officers, including Wollman and Josh Drobnyk. The emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to a broker-dealer firm. The domain of broker-finra.org is not connected to FINRA and firms should delete all emails originating from this domain name, FINRA stated.
In an Investor Insights post on its website Monday, FINRA pointed out that it issued Regulatory Notice 20-13, reminding firms to “beware of fraud” during the pandemic. The Insights post highlighted “four common scams to look out for: (1) fraudulent account openings and money transfers; (2) firm imposter scams; (3) IT Help Desk scams; and (4) business email compromise schemes” — and firms can take action to mitigate related risks.