FINRA warns member firms to be on the lookout for a fraudulent phishing email that is currently circulating. Recently, member firms have reported to FINRA that they have received suspicious emails targeting their compliance personnel.
Recognizing the Red Flags
The firms report that the suspicious emails come from a purported BSA-AML compliance officer working at what appears to be a legitimate Indiana-based credit union. The email references a transfer of money made by a firm client to the credit union, a transaction that, according to the email, was placed on hold due to concerns about potential money laundering. The email contains an attachment that, if opened, could pose security risks to the firm.
The sender attempted to give some legitimacy to the email by including a reference to a provision of the USA PATRIOT Act that relates to the ability of financial institutions to share information with each other.
The email contains red flags of potential fraud, including:
- an email address that appears to be from Europe, rather than the U.S.-based credit union;
- numerous instances of poor grammar and sentence structure; and
- a request that the recipient open the email attachment for more details.
FINRA advises firms that receive suspicious emails from an unknown source to use caution before replying to the sender or opening any links or attachments. If your firm has received suspicious emails, here are some ways to report the incident to FINRA:
- contact your Regulatory Coordinator;
- file an online regulatory tip at www.finra.org;
- send an email to [email protected]; or
- call FINRA’s Whistleblower Line at (866) 963-4672.
As a reminder, phishing scams are ever-changing and are designed to infiltrate the computer network of the recipient. You should always use caution when opening emails from unknown senders, and you should not open attachments until you have verified the sender and the information that might be included in the document.
The full FINRA Information Notice can be accessed here.