Not for the first time, FINRA, the US Financial Industry Regulatory Authority, has warned investors not to be taken in by phishing emails that appear to come from its President and CEO.
- The fake emails claimed FINRA was a "recognised financial manager of the IMF" and "approval has been granted for the release and payment of your outstanding inheritance fund". Not true.
- To claim the inheritance, you're required to fly to a country outside US jurisdiction and provide personal information and a copy of your passport. Scam.
Use these top tips to protect yourself and your firm against email phishing:
- Be sceptical from the start about any email you get from a recognised brand (such as a bank, utility, shopping or tech firm) that asks you to click a link, provide your personal information or passwords.
- Watch out for red flags (signs that something could be wrong) - for example, a generic greeting (Dear Customer, Dear User), poor-quality logos, spelling mistakes, threats of serious consequences unless you act urgently, the wrong facts, and so on.
- Avoid oversharing information about your position, title and where you work on social media - it can make you more susceptible as scammers can use it to make their emails more credible (eg "Hey I work with Julie in Accounts at X").
- Train yourself to recognise personal styles (eg how people generally communicate with you, words and phrases they use, their usual signoff, etc) - this can help you detect impersonators.
- Delete any suspicious emails you get without opening them or clicking on any links, or forward them to IT for investigation - don't let your curiosity force you into an error.
- Don't respond to requests for information from generic senders - eg HR, Marketing, or IT.
- Finally, trust your instinct - if it sounds too good to be true, it usually is.
Help raise awareness amongst your employees on how to protect against email phishing with our training course.