The Financial Industry Regulatory Authority (FINRA) is warning firms of an ongoing phishing attack that is using a fake support request supposedly from FINRA.
FINRA is the self-regulatory organization that enforces rules and regulations for all US securities firms and exchanges operating in the United States. As the market watchdog, FINRA enforces rules for more than 624,000 financial professionals across the US and oversees billions of market events every day.
Yesterday, FINRA issued a warning about a phishing campaign in which actors send bogus support emails designed to look as if they came from the non-profit organization.
“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from ‘FINRA SUPPORT’ with the email address ‘firstname.lastname@example.org,’” FINRA wrote.
“The email asks the recipient to pay attention ‘to the report attached below that requires your immediate response’ and states that ‘[t]he attachment contains our updated Public Policy information.’ The emails may not include an attachment,” FINRA said.
The domain westour.org is not connected to FINRA in any way, and as such should raise red flags. Brokerage firms are advised to delete such emails without opening them. If anyone has already opened an email from this domain, they should report it to their network administrators.
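The mismatch described above, a "FINRA SUPPORT" display name on a sender domain unrelated to FINRA, can be checked mechanically at the mail gateway. The following Python sketch is an added example, not part of FINRA's notice or the original article; the `TRUSTED_DOMAINS` allowlist, the function names, the sample messages and their local parts are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains your organisation accepts as genuinely FINRA.
TRUSTED_DOMAINS = {"finra.org"}
BRAND = "finra"

def is_trusted(domain):
    """True for an allowlisted domain or one of its subdomains only."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if is_trusted(domain):
        return findings
    # Display name claims the brand, but the address is somewhere else.
    if BRAND in name.lower():
        findings.append(f"display name {name!r} sent from {domain}")
    # Brand string embedded in an untrusted domain (lookalike or suffix trick).
    if BRAND in domain:
        findings.append(f"lookalike sender domain {domain}")
    return findings

# Constructed sample messages; only the domain westour.org comes from the article.
PHISH = ('From: "FINRA SUPPORT" <support@westour.org>\n'
         "Subject: Action required\n\n"
         "Please review the report attached below.\n")
GENUINE = ("From: FINRA <notices@finra.org>\n"
           "Subject: Regulatory Notice\n\nBody.\n")
LOOKALIKE = ('From: "Compliance Audit" <audit@finra.org.mail.example>\n'
             "Subject: Audit\n\nBody.\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, check_message(raw))
```

The `From` header is attacker-controlled, so this check complements SPF, DKIM and DMARC evaluation rather than replacing it.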
FINRA has asked Namecheap to suspend the westour.org domain, which was reportedly registered on 5/27/21.
FINRA subscribers have been phished in the past. In June, the Financial Industry Regulatory Authority warned firms that attackers threatened victims with penalties to prompt brokers to respond to phishing emails. In March, scammers started sending emails claiming to be from FINRA and asking members to pass a “FINRA Compliance audit.”
Unfortunately, many of the domains associated with the attacks have not been taken down by their respective Internet registrars.