Cybersecurity Alert - Ongoing Phishing Campaign

Impact: All Firms

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

The email from “finrarps.org” states:

Dear [Individual],

Submission of One or More Data Items Is Due

This request has been issued by Investment Adviser Registration Depository (IARD), (FINRA) and U.S SEC.

Following the U.S SEC. records, your firm meets the criteria of advisers who are required to complete the enclosed data request report on or before Friday, 7th of April.

Please note that your investment adviser registration will be considered inactive after the due date for submitting the required information.

The submission obligation is only satisfied once all of the items have been successfully submitted. We advise you to submit as soon as possible.

Sincerely,

Financial Industry Regulatory Authority (FINRA).
1735 K Street,
NW Washington,
DC 20006

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrars suspend services for "finrarps.org" and “finrarps.net”.

For more information, firms should review the resources provided on FINRA’s Cybersecurity topic page, including the Phishing section of our Report on Cybersecurity Practices - 2018.

Questions regarding this alert should be directed to FINRA’s Cyber and Analytics Unit (CAU) at [email protected].