Skip to main content

Cybersecurity Alert - Ongoing Phishing Campaign

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “” and “”. Samples of both emails are provided in Appendices 1 and 2.

The domains of “” and “” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.

FINRA has requested that the Internet domain registrars suspend services for "" and “”.

Member firms, or their customers, receiving phishing emails should consider:

  • deleting all emails originating from these domains; and
  • verifying the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.

Staff also recommends that firms and their customers do not call phone numbers listed in suspicious emails or text messages, as threat actors use these as a method of establishing contact with a targeted victim to extract personal information or solicit a fraudulent payment (this tactic is known as Callback phishing).

For more information, member firms should review the resources provided on FINRA’s Cybersecurity topic page, including the Phishing section of our Report on Cybersecurity Practices - 2018.

Questions regarding this alert should be directed to FINRA’s Cyber and Analytics Unit (CAU) at [email protected].

Appendix 1 – Email from “”

Cordial saludo señora Name, adjunto documento para el proceso de retiro del capital, por favor devolver a este correo el documento diligenciado con los datos faltantes de la tabla y firmar si está interesada en continuar con este proceso, gracias quedo atenta a su respuesta para dar continuidad.

Buen dia,    
FINRA Logo    
Senior Officer

[email protected]
Investor protection. Market integrity.
1735 K Street, NW
Washington, DC 20006-1506
© 2023 FINRA. All rights reserved. FINRA and other trademarks of the Financial Industry Regulatory Authority, Inc. may not be used without permission.

Appendix 2 – Email from “” 

Dear Name

I'm contacting you from Financial Industry Regulatory Authority (Finra), case XXXXXX regarding the funds which we've received from Blockchain under your name as Blockchain System is automatically blocking going out transfers from illegal platforms due to suspicious activities. The form of the money is in Bitcoins and it's frozen and under control of Finra. We are sending you an email that includes the following information: who are we and what is the main purpose of our job, how you should be verified to first of all find out what kind of information we hold about you - how much exactly is a sum of money which was stolen from you plus the profits that were made by the fraudulent platform, as they were trading and tried to withdraw it). What kind of steps exactly you will be needed to pass for withdrawing the blocked funds. We are the one and only organization that is capable of unblock money which is declared as stolen from people all over the World. Finra is as well one of organizations who has straight connection to Blockchain and as Finra is regulating and controlling its sphere of activity that includes brokerage firms and exchange markets. First of all you have to verify your personality, we must be sure that we are having the communication with the correct person. If you are interested in claiming back, please inform me. I'm sending you the instructions how to unfreeze the amount: 1. Transaction history from your bank to trading account (if it's possible) 2. You have to download Exodus hardware wallet (frozen amount is holding on new whitelisted Exodus wallet) 3. Latest month statement from your bank account (Your full name and address should be visible) 4. Statement of crypto exchange wallet (e.g. binance, coinbase... which is verified under your name) In transaction history even one transfer will be accepted and for the withdrawal request we are going to do it from our side. Hardware crypto wallet is the most important because otherwise we won't be able to send you Bitcoins directly to your bank account. We hope you will reach the desired destination point and you will do the withdrawal, it has been used and experienced by thousands of humans so we will be glad if you will also be the one of them. 

Kind regards, 
Recovery Department of Finra 
Senior recovery manager 
The Financial Industry Regulatory Authority 
Mobile: Phone Number