New Phishing Scheme Posing as FINRA
Author: Amy D'Avella
Key Bridge Compliance has been made aware of a new phishing attack against both FINRA members and SEC-registered investment advisers. The phishing email appears to be sent from FINRA and attempts to elicit confidential firm information (see representative email below).
We would advise all RIAs to delete emails sent from the domain “@regulation-finra.org”. Do not a) respond to any requests made in the email, or b) open any links or attachments.
FINRA has not yet released an alert specific to this attack, but recently updated members on similar phishing attempts from other FINRA imposters. The fraudulent domains used in those attempts are:
- “@finnra.org” (August 2020)
- “@broker-finra.org” (May 2020)
If you believe you may have provided information to a fraudulent actor, take proper action within your firm in response to a potential cybersecurity breach.
You may find all of FINRA’s cybersecurity alerts and guidance here.
If you have any questions, please contact Key Bridge Compliance, LLC at email@example.com
REPRESENTATIVE PHISHING EMAIL:
FINRA has been directed to update its conduct and supervisory rules on firms that we regulate. We require you to complete the above survey form in full by Tuesday 13 October 2020. This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available. FINRA is committed to protecting the integrity and confidentiality of the data and systems. If you have any questions when completing the survey, please reply to this email for immediate assistance. ATTN: [Firm name]
Thank you, FINRA Regulation Department