Cybersecurity Alert: Cloud-Based Email Account Takeovers!

Information Notice – 10/2/19

Summary:

Several member firms recently notified FINRA that they have experienced email account takeovers (ATOs) while using cloud-based email platforms, including Microsoft Office 365 (O365). Attackers used compromised email accounts to defraud member firms by requesting fraudulent wire requests or stealing confidential firm information or non-public personally identifiable information (PII). 

This Notice outlines the attackers’ tactics in executing ATOs, as well as steps taken by member firms to address ATO risks when using cloud-based email systems.

Questions concerning this Notice should be directed to:

View Full Notice Here: