Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > FINRA

FINRA Warns of Email Phishing Scam

By Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

The Financial Industry Regulatory Authority warned broker-dealers Monday of phishing emails that purport to be from the self-regulator.

In Regulatory Notice 20-12, FINRA states that the scam is “a widespread, ongoing phishing campaign that involves fraudulent emails” that claim to be from FINRA officers, including Bill Wollman and Josh Drobnyk.

The emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to a broker-dealer firm.

The domain of broker-finra.org is not connected to FINRA and firms should delete all emails originating from this domain name, FINRA states. Also, FINRA has requested that the internet domain registrar suspend services for broker-finra.org.

“In at least in some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information,” FINRA explains. “In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password.”

FINRA urged anyone who entered their password to change it immediately and notify the appropriate individuals in their firm of the incident.

Firms should verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links, FINRA states.

For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of its Report on Cybersecurity Practices – 2018.

— Check out Key Tech Steps for RIAs Working From Home on ThinkAdvisor.

Melanie Waddell

@Think_MelanieW

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.