Skip to main content

Cybersecurity Alert – Ongoing Phishing Campaign Using FINRA Executives

IMPACT: All Firms 

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

The emails from the domain “” states:

Attn: [Individual name],

By way of introduction, my name is Steve Randich, the Executive Vice President and Chief Information Officer, (OR Robert L.D. Colby, the Chief Legal Officer), Financial Industry Regulatory Authority (FINRA). FINRA regulatory department has made multiple attempts to contact you to deliver a notice that requires your attention.

I'm reaching out due to the importance of this notice. It is disclosed below, kindly follow the information in the letter and complete the request at your earliest convenience.

Please let me know if you have any questions or concerns.

Steve (OR Robert)

FINRA Request

Period:                February 2024
Type:                   Confidential
Published Date:   15th March 2024
Due Date:            15th April 2024
File:                      FINRA_ [FIRM NAME] _Disclosure290124.pdf
Size:                     342kb

Steve Randich
Chief Information Officer
Financial Industry Regulatory Authority (FINRA)
1700 K Street, NW
Washington, DC 20006

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrars suspend services for “”.

For questions related to this Alert or other cybersecurity-related topics, contact the FINRA Cyber and Analytics Unit (CAU). Both the FBI and CISA urge you to promptly report phishing incidents to a local FBI Field Office, the FBI Internet Crime Complaint Center (IC3) at or CISA via CISA’s 24/7 Operations Center ([email protected] or 888-282-0870).

Note: This Alert does not create new legal or regulatory requirements or new interpretations of existing requirements, nor does it relieve firms of any existing obligations under federal securities laws, regulations, and FINRA rules. Member firms may consider the information in this Alert in developing new, or modifying existing, policies and procedures that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size and business model. Moreover, some questions may not be relevant due to certain firms’ business models, sizes, or practices. 

If you would like to add or change who receives this email, please update your firm’s Chief Information Security Officer (CISO) and/or Chief Compliance Officer (CCO) contacts in FINRA Gateway.