Is an Email from a State Insurance Regulator the next Cybersecurity Risk?

Weekly snippets from the Insurance Compliance Insight (ICI) Newsletter, a weekly subscription service published by an insurance compliance professional for insurance compliance professionals!


FINRA's recent Cybersecurity Alert highlights a phishing campaign involving emails that appear to be from FINRA executives. This scam, which began on October 9, 2024, uses fraudulent messages claiming to seek information from firms and threatening fines for non-compliance.

The phishing emails come from domains mimicking FINRA's, such as gateway-finra[.]com. They include PDF attachments that, while appearing blank, may contain hidden threats. FINRA has provided details about these PDFs to aid in detection.

A sample email in the Alert shows how convincing these messages can be. It's not hard to imagine a similar email appearing to come from a State Insurance Department, potentially prompting quick action from a regulated entity.

FINRA advises deleting these emails, blocking the domains, and incorporating the information into threat monitoring. They stress the importance of verifying suspicious communications before taking action - advice that applies to messages from any regulatory body, including state insurance commissioners.

This scam is particularly concerning because regulated entities may not view communication from a regulator as suspicious. Depending on what's asked, the request might seem routine.
The tactics used in this FINRA-impersonation scam could easily be adapted to mimic state insurance regulators or other oversight bodies. All regulated parties should stay alert to similar attempts using different domain names or file characteristics.
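As an added illustration (not part of FINRA's Alert or the ICI newsletter), the sketch below shows one way a mail-triage script could flag senders whose domain imitates a regulator's, including variants of the domain named above. The allowlist, the `statedoi` brand token with its `.example` domain, and the sample From headers are constructed assumptions; only `finra.org` and the defanged `gateway-finra[.]com` are real values.

```python
import re
from email.utils import parseaddr

# Assumed allowlist: finra.org is FINRA's real domain; "statedoi.example" is a
# constructed placeholder for a state insurance department's domain.
LEGIT_DOMAINS = {"finra.org", "statedoi.example"}
BRANDS = {"finra", "statedoi"}  # brand tokens to watch for (assumed list)

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) < len(b):
                j += 1  # skip the extra character in the longer string
                continue
        i += 1
        j += 1
    return edits + (len(b) - j) <= 1

def classify(from_header):
    """Classify a From header by how its sender relates to the regulator brands."""
    # Accept defanged indicators such as gateway-finra[.]com as published.
    name, addr = parseaddr(from_header.replace("[.]", "."))
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact domain or a true subdomain of an allowlisted regulator domain.
    if any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return "allowlisted-domain"
    labels = re.split(r"[.-]", domain)
    for brand in BRANDS:
        # Brand embedded anywhere in the domain, or a one-character typo of it.
        if brand in domain or any(within_one_edit(l, brand) for l in labels):
            return "lookalike-domain"
    if any(brand in name.lower() for brand in BRANDS):
        return "brand-in-display-name"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers; the local parts and display names are invented.
    for hdr in ["FINRA Compliance <notice@gateway-finra[.]com>",
                "Market Conduct <mc@statedoi-gov.example>",
                "Exam Team <exams@finra.org>"]:
        print(f"{classify(hdr):22} {hdr}")
```

An `allowlisted-domain` verdict only means the From domain matches the list; the header itself can be forged, so it should be read alongside the message's SPF, DKIM and DMARC results.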

Companies should consider including examples in their cybersecurity training on how to verify message authenticity from all regulatory bodies, both federal and state-level. This step could help protect against future sophisticated phishing attempts targeting the financial and insurance sectors.

