The Financial Industry Regulatory Authority is warning member firms to avoid a phishing email that is requesting broker-dealers to fill out a fraudulent FINRA study.
In a notice posted on its website Tuesday, FINRA said the “widespread, ongoing phishing campaign … involves fraudulent emails purporting to be from FINRA asking member firms to complete a survey.”
The email was sent from the domain “@regulation-finra.org” and was preceded by “info” followed by a number, e.g., [email protected], FINRA said.
The domain of “regulation-finra.org” is not connected to FINRA, and advisory firms “should delete all emails originating from this domain name,” the regulator cautioned.
FINRA recommended that anybody who clicked on any link or image in the email “immediately notify the appropriate individuals in their firm of the incident.”
FINRA also requested that the internet domain registrar suspend services for “regulation-finra.org.”
The BD regulator also reminded firms to make sure they “verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.”
Hackers and other bad actors have been having a field day since the start of the pandemic. In August, just days after warning about a new impostor FINRA website that has an extra “n” in its domain name, the BD regulator warned that malicious actors were also setting up impostor websites using registered reps’ names.
According to Federal Bureau of Investigation data cited in June, the number of cybersecurity complaints had spiked to 4,000 a day from 1,000 complaints a day four months earlier. And those four months’ worth of complaints were almost more than reported for all of 2019.
In addition, a May 2020 survey of financial institutions found 80% reported a 238% increase in cyberattacks compared to last year.
In May, Bill Wollman, an executive vice president at FINRA and head of its office of Financial and Operational Risk Policy, said fraud continued to be a major challenge that broker-dealers faced during the COVID-19 pandemic, with the “biggest potential problem” being phishing attacks.
— Related on ThinkAdvisor: