The Financial Industry Regulatory Authority is alerting broker-dealers to phishing campaigns — one ongoing and another new — that involve fraudulent emails.
On April 25, FINRA warned of a scam purporting to be from FINRA and using the domain name “@claims-finra.org.”
“The domain of ‘claims-finra.org’ is not connected to FINRA and firms should delete all emails originating from this domain name,” FINRA told broker-dealers.
The email states:
Dear Name,
Please find the attached Deficiency letter. This notice is from the FINRA risk analysis department following a directive from SEC. As instructed in the letter, I will keep this request open until Wednesday 04/27/22.
Please note that you are required to submit a response to this request by replying to this email.
On Wednesday, FINRA warned about a new, “potentially related, phishing attack also purporting to be from FINRA.”
This new attack “may use the same FINRA staff person’s name as the prior attack and may look like it was sent from that staff member’s ‘finra.org’ email address,” FINRA states.
“It also may ask the recipient to click on a ‘View Request’ button; doing so generates an email addressed to the ‘@claims-finra.org’ domain,” FINRA said.
“Recipients of this phishing attack should NOT click on the ‘View Request’ button and delete all emails originating from this domain name,” FINRA said.