Cybersecurity Alert - Ongoing Phishing Campaign

Impact: All Firms

Update (October 16, 2023): This Alert has been updated to reflect an additional domain associated with this ongoing phishing campaign.

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@rf-finra.org” and “@rfs-finra.org”. The domains “@rf-finra.org” and “rfs-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains and follow any internal procedures related to reporting phishing emails to the appropriate stakeholders. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to the one identified in this Alert.

The email originating from the domain “rfs-finra.org” states:

Dear [Individual],

By way of introduction, my name is [Imposter] from the department overseeing your firm's operation.

The following request has been provided for your firm. You are required to complete the request following the instruction in the attached file.

Please respond to this email for additional information.

Disclosure

Request               Published Date  Firm       Due Date             

Report Filing     12/10/2023         [Firm name]   17/10/2023        

Sincerely, 

[Imposter]

[Imposter]

Financial Industry Regulatory Authority (FINRA).

1735 K Street
NW Washington,
DC 20006 

Confidentiality Notice:: This email may include non-public, proprietary, confidential or legally privileged information. If you are not an intended recipient or an authorized agent of an intended recipient, you are hereby notified that any dissemination, distribution or copying of the information contained in or transmitted with this e-mail is unauthorized and strictly prohibited.

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments, or clicking on any embedded links. FINRA has requested that the Internet domain registrar suspend services for "rfs-finra.org”.

For more information on cybersecurity issues, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, as well as the Cybersecurity and Technological Governance section of the 2023 Report on FINRA’s Examination and Risk Monitoring Program.

Questions related to this Alert or other cybersecurity topics can be emailed to FINRA’s Cyber and Analytics Unit (CAU).