NFA Warns of Fake Emails
On March 3, the National Futures Association (NFA) issued a notice to members warning of reported phishing attempts using fake NFA credentials. Per the notice, an ongoing phishing campaign has been discovered, in which names of NFA staff and a fake NFA email address are being used. The NFA requests member vigilance in this regard.
The phishing campaign includes emails using a fake domain that mimics the NFA’s domain name.
The fake domain is @nfa-futures.org.
Legitimate emails from the NFA are sent from the following domains:
Additionally, the campaigns have included messaging purporting to be from NFA staff members, including Valerie O'Malley, Regina Thoele, Jennifer Sunu, and possibly others as well. The NFA assures that while the names may indeed be of staff members, those names have been used illegitimately by bad actors with malicious intent.
Recipients of these emails are advised to refrain from clicking any links in the email, refrain from opening any attachments in the emails, and ideally to immediately delete any emails from the fraudulent address.
NFA members and all firms in general should exercise vigilance regarding this and other phishing campaigns. ACA recommends:
- Be on the lookout for emails with from source of @nfa-futures.org. Note that the “-“ in this domain indicates that this is illegitimate.
- Immediately delete all emails from @nfa-futures.org.
- Alert all staff regarding this phishing campaign.
- Block the @nfa-futures.org domain and URL on the company spam filter.
- Immediately change the password for any user that did fall for the phishing campaign and submitted their login credentials.
- Enable multi-factor authentication (MFA) if not already enabled.
- Remind staff to generally inspect hyperlinks and domain names to verify that they are from a trusted source.
- Enhance training efforts toward recognizing and preventing phishing attempts and related criminal activity.
How we help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar social engineering efforts, and to enhance its cybersecurity in general:
- Threat intelligence, phishing testing and monitoring
- Operational resilience and governance
- Risk assessments and regulatory compliance testing services
Download our Aponix Protect™ cybersecurity solution brochure.
If you have any questions, please contact your ACA Aponix consultant or contact our cyber team.