Fake emails purporting to be from the FINRA, Wall Street’s powerful self-regulator, have been sent to potential market participants, according to a FINRA statement.
The mass email scam appears to be from at least three imposter FINRA domain names, namely “@finrar-reporting.org,” “@Finpro-finrar.org” and “@gateway2-finra.org.”
Like a campaign the group warned about a few months ago, the self-regulator has alerted investors to avoid a phishing email that is requesting broker-dealers to fill out a fraudulent FINRA study.
In a notice posted on its website, FINRA said it warns member firms of an ongoing phishing campaign that involves fraudulent emails.
The email asks the recipient to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.”
FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.
Finally, the Wall Street’s industry-funded watchdog has requested that the internet domain registrar suspend services for these fraudulent domains, adding that it advised firms to delete all emails originating from this source.
Over the last few months, FINRA has repeatedly warned financial services firms of tricky new phishing campaigns that mimic a message from the nongovernmental organization.
Typically, the fraudsters use special software to make the message appear genuine. Recipients are often invited to click on a link that appears to take them to the watchdog’s website. Instead, they go to a false website that tries to steal sensitive information from those targeted, which can be used later without their knowledge to commit fraud.
Additionally, the watchdog pointed to its guidance on fake emails, websites, letters and phone calls on its website. The regulator said anyone in doubt about the authenticity of contact or receives such correspondences should contact the relevant authorities.
Furthermore, FINRA urged anyone who entered their password to change it immediately and notify the appropriate individuals in their firm of the incident. Further, it has provided details on how to identify spoof emails in a dedicated section on its website.