Fake FINRA Survey Is a Phishing Scam, Regulator Warns BDs
The email scam is the latest of several attempts to illicitly gather data by impersonating FINRA or registered reps. The Financial Industry Regulatory Authority is warning member firms to avoid a phishing email that asks broker-dealers to fill out a fraudulent FINRA study.
SEC Issues New Risk Alert on “Credential Stuffing” Attacks
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors and broker-dealers.
Credential stuffing is an automated cyber-attack on Internet-based user accounts and firm networks. Attackers obtain usernames and passwords from the dark web and then employ automated scripts utilizing the compromised information to attempt to log in and gain unauthorized access to other customer accounts and firm networks. Credential stuffing has proven to be a more effective way for hackers to gain access to accounts and firm systems than traditional brute force password attacks have been. If the credential stuffing attack is successful, attackers can gain access to and control over customer assets and confidential information.
Should your Business have a Work from Home Cybersecurity Policy?
Work-from-home organizations all over the world have been polishing their strategies to enable their employees to work from remote locations at whatever time they like.
Adviser cybersecurity programs getting stronger - U.S. industry survey
Investment advisers are enhancing their cybersecurity programs by implementing formal protection plans, taking out insurance, and stepping up security assessments, an influential industry survey has found.
SEC Risk Alert Addresses COVID-19 Compliance Risks and Considerations
On August 12, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert, warning investment advisors and broker-dealers of the continued challenges to protect investors from COVID-19 related risks.[1] Given the ongoing challenges related to the global pandemic, OCIE felt it was necessary to share its observations and recommendations with the public. The Risk Alert identifies six broad categories of challenges: (1) protection of investors’ assets; (2) supervision of personnel; (3) practices related to fees, expenses, and financial transactions; (4) investment fraud; (5) business continuity; and (6) protection of investor and other sensitive information.
SEC Creates New Emerging Threats Exam Team
The new team, housed within the exam unit, “will proactively engage with financial firms about emerging threats and current market events.”
Report | Employee Mistakes Cause Almost Half of Cybersecurity Issues
Staff admit that mistakes they have made at work have had cybersecurity repercussions for themselves or their company.
SEC Issues Ransomware Alert
Attempts to penetrate financial institution networks through phishing and ransomware are on the rise.
The Securities and Exchange Commission’s exam division is warning advisors and broker-dealers to immediately review their cybersecurity controls, as phishing and ransomware attacks are on the rise. In a just-released risk alert, the agency’s Office of Compliance Inspections and Examinations warns that while recent reports indicate that one or more threat actors have used phishing and ransomware measures to penetrate financial institution networks, OCIE “has observed ransomware attacks impacting service providers to registrants.”
State Regulators Propose New Model To Align With SEC Rules
State securities regulators have proposed a sweeping new model law that would require state investment advisors and reps to bring their policies, procedures and disclosures up to Securities and Exchange Commission standards.
The rules would require each RIA policy and procedure to be customized to each state’s advisor requirements, with a code of ethics that aligns closely with SEC rules, to “enhance investment advisers’ abilities to fulfill their fiduciary duties to clients,” the North American Association of Securities Administrators (NASAA) said in its new proposal.