Just before the 4th of July long weekend, hackers were on the attack. On July 1, 2021, Microsoft released news of an active exploit impacting all Windows systems. This critical vulnerability, known as “PrintNightmare” (CVE-2021-1675) could have given an attacker full control of a Windows system (including the ability to deploy ransomware) if a user interacted with malicious code (via malicious attachment, web advertisement, webpage, etc.) that targeted the Printing Subsystem in Windows.
Once again cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.
In this FINRA-themed phishing email, the sender’s email address uses the domain gateway[dash]finra[dot]org. The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!
Use the tips below to stay safe from similar attacks:
What is sensitive information?