Cybersecurity

Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA.

FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.

These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data. FINRA has updated this Cybersecurity page to include the following resources:

In case of a Disruptive Attack or Breach
Common Cybersecurity Threats
Events
Reports
Compliance Tools
FINRA Cybersecurity Contact

In Case of a Disruptive Attack or Breach

Firms should get to know their local Federal Bureau of Investigation (FBI) and proactively plan for a cybersecurity attack or breach.

In case your firm is the victim of a disruptive attack or breach, for instance your data has been accessed or your customers cannot do business, you should immediately report the incident to your:

If you need RANSOMWARE assistance, one helpful resource is CISA’s Stop Ransomware!

Unsuccessful and successful cyber-related incidents could require that a SAR be filed, for more information visit The Financial Crimes Enforcement Network (FinCEN)’s guidance.

Common Cybersecurity Threats

This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

Phishing
Imposter Websites
Malware
Customer Account Takeover (ATO)
Firm Account Compromise or Takeover

Fraudulent Wires or ACH Transactions
Ransomware
Distributed Denial-of-Service (“DDoS”) Attacks
Vendor Breaches

Learn more about common cybersecurity threats

Past Events

2024 Cybersecurity Conference
February 6 | New York, NY | Hybrid Event
FINRA’s Cybersecurity Conference is a one-day, hybrid event that is designed to help you stay current on today’s cybersecurity challenges, understand vulnerabilities and latest threats and create resilience against cyber-attacks.

2022 FINRA Annual Conference
May 16-18 | Washington, DC | Hybrid Event
FINRA's premier event—the Annual Conference provides the opportunity for practitioners, peers and regulators to exchange ideas on today's most timely compliance and regulatory topics.

2022 Cloud Computing Conference
March 30
This one-day conference brings together regulators, thought leaders and industry practitioners to discuss the use of Cloud Computing, and related opportunities and challenges.

2022 Cybersecurity Conference
March 29
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.

Compliance Tools

Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.

Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity written supervisory programs and related controls by (1) highlighting the most common and recent categories of cybersecurity threats; (2) providing a summary of effective core controls; and (3) listing relevant terms and additional resources.

Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.

Report on Cybersecurity Practices
In 2014 and 2011, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter these threats. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.

Non-FINRA Resources
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.

FINRA Rules Related to Cybersecurity

SEC Rules Related to Cybersecurity

248.201-202. Regulation S-ID: Identity Theft Red Flags
248.1-100. Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information
- Regulation S-P Rule Updates (effective August 2, 2024)
Cybersecurity Risk Management Rule for Broker-Dealers (effective date pending)
240.17a-4(f). The Securities Exchange Act of 1933 (17 CFR §240.17a-4(f))
Reg. SCI: Regulation Systems Compliance and Integrity

Regulatory Notice 22-29
FINRA Alerts Firms to Increased Ransomware Risks
12/14/2022
Regulatory Notice 21-42
FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software
12/14/2021
Regulatory Notice 21-30
FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names
08/13/2021
Regulatory Notice 21-29
FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors
08/13/2021
Regulatory Notice 21-22
FINRA Alerts Firms to Phishing Email From “FINRA Support” From the Domain Name “westour.org”
06/23/2021
Regulatory Notice 21-20
FINRA Alerts Firms to Phishing Email Using “gateway-finra.org” Domain Name
06/07/2021
Regulatory Notice 21-18
FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts
05/12/2021
Regulatory Notice 21-14
FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse
03/25/2021
Regulatory Notice 21-08
FINRA Alerts Firms to Phishing Email Using “finra-online.com” Domain Name
03/04/2021
Regulatory Notice 20-40
FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name
11/30/2020
Information Notice - 10/15/20
Cybersecurity Background: Authentication Methods
10/15/2020
Regulatory Notice 20-35
FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey
10/06/2020
Regulatory Notice 20-32
FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection With Potential Account Takeovers and New Account Fraud
09/17/2020
Regulatory Notice 20-30
Fraudsters Using Registered Representatives Names to Establish Imposter Websites
08/20/2020
Regulatory Notice 20-27
FINRA Alerts Firms to Use of Fake FINRA Domain Name
08/12/2020
Regulatory Notice 20-13
FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic
05/05/2020
Regulatory Notice 20-12
FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA
05/04/2020
Information Notice – 3/26/20
Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19)
03/26/2020
Information Notice – 10/2/19
Cybersecurity Alert: Cloud-Based Email Account Takeovers
10/02/2019
Information Notice – 4/29/19
Imposter Websites Impacting Member Firms
04/29/2019
Information Notice – 2/13/19
FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms
02/13/2019
Information Notice – 6/19/15
Distributed Denial of Service (DDoS) Attacks on Member Firms
06/19/2015
Information Notice 2/9/12
FINRA Warns Firms of Hoax Emails That Purport to Be From Regulators
02/29/2012
Regulatory Notice 12-05
Verification of Emailed Instructions to Transmit or Withdraw Assets From Customer Accounts
01/26/2012
Notice to Members 05-48
Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers
07/22/2005

Guidance
Cybersecurity Advisory – Fast Flux: A National Security Threat
FINRA member firms should be aware of a technique threat actors use to avoid network defenders detecting the required communications of malware. On April 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS) and New Zealand National Cyber Security Centre (NCSC-NZ) issued a joint cybersecurity advisory (CSA) to warn organizations of the ongoing threat of one such technique: fast flux.
April 18, 2025
Guidance
Cybersecurity Alert – Potential Data Breach of Oracle Cloud
Member firms should be aware of an alleged large-scale data breach possibly affecting Oracle Cloud services at firms and third-party providers. FINRA recommends that firms review this information to assess any potential impact to their operations, as well as with third-party providers who provide services to the firm. FINRA previously delivered an email to firms whose domain names appeared in the threat actor post, as well as any firms that previously informed FINRA of their use of Oracle products and services.
April 01, 2025
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign Impersonating FINRA Employees
Member firms should be aware of an ongoing phishing campaign involving fraudulent emails targeting executives and purporting to be from FINRA employees, with the goal of harvesting credentials. As indicated by the full, expanded email address hidden under a masked email display name, these emails are not from FINRA, and firms should delete them and consider blocking the fraudulent domains.
March 13, 2025
Guidance
Cybersecurity Advisory – Mail Scam Targeting Executives Claims Ties to Ransomware
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting recent updates to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a resource designed to help organizations manage and reduce cybersecurity risks, regardless of their degree of cybersecurity sophistication.
March 07, 2025
Guidance
Cybersecurity Alert - New Malware Targeting Firm Customer Support Personnel
Firms could be vulnerable to a newly discovered social engineering scheme in which bad actors trick customer support personnel into downloading and executing malware. This Alert describes the scheme and provides recommendations to help firms protect themselves from the threat.
March 07, 2025
Guidance
Cybersecurity and Cyber-Enabled Fraud
The Cybersecurity and Cyber-Enabled Fraud topic of the 2025 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations, (2) findings and effective practices, and (3) additional resources.
January 28, 2025
Guidance
Technology Management
The Technology Management topic of the 2025 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations, (2) findings and effective practices, and (3) additional resources.
January 28, 2025
Guidance
Third-Party Risk Landscape
The Third-Party Risk Landscape topic of the 2025 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations, (2) findings and effective practices, and (3) additional resources.
January 28, 2025
Guidance
Cybersecurity Alert - Vulnerabilities in FortiManager
Companies that use Fortinet’s FortiManager product could be exposed to a remote, unauthenticated attacker executing arbitrary code or commands due to a critical product vulnerability (CVE-2024-47575), according to two recent alerts from the Cybersecurity & Infrastructure Security Agency (CISA).
October 31, 2024
Report / Study
The Metaverse and the Implications for the Securities Industry
The term “metaverse” has attracted significant attention and curiosity in recent years from the media, entertainment and technology sectors. Though the term has no concrete definition, and interpretations may differ, the metaverse is generally viewed as the next evolution of today’s internet.
October 24, 2024
Guidance
Cybersecurity Alert - Ongoing Threats From Iranian Cyber Actors
On Oct. 16, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) released Cybersecurity Advisory - AA24-290A, which provides threat actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Iranian cyber actors. In light of the historical proclivity of Iranian threat actors targeting the financial services industry, FINRA is sharing this information with member firms.
October 16, 2024
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign Impersonating FINRA Executives
This notification warns member firms of an ongoing phishing campaign that began on or around Oct. 9 that involves fraudulent emails purporting to be from FINRA executives, in some instances containing a PDF attachment. These emails are not from FINRA, and firms should delete them and consider blocking their domains.
October 09, 2024
Guidance
Cybersecurity Advisory – Increasing Cybersecurity Risks at Third-Party Providers
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program highlights recent cybersecurity risks at third-party providers (commonly referred to as third-party vendors) impacting member firms.
September 09, 2024
Guidance
Cybersecurity Alert - FINRA Update to Member Firms Regarding CrowdStrike IT Service Disruption
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program highlights recent reports of a CrowdStrike service outage affecting Microsoft operating systems. FINRA continues to monitor the outage.
July 19, 2024
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of MOVEit Software Vulnerability (CVE-2024-5806)
On June 25, 2024, Progress Software released the MOVEit Transfer Critical Security Alert Bulletin (the Alert Bulletin) for CVE-2024-5806, a newly identified Critical Vulnerability, which was described as an Improper Authentication vulnerability in MOVEit Transfer, Secure File Transfer Protocol (SFTP) module and could lead to Authentication Bypass.
June 27, 2024
Guidance
FINRA Cyber Alert – ONNX Store Purportedly Targeting Firms in Quishing Attacks
ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs.
June 21, 2024
Guidance
Cybersecurity Advisory – NIST Releases Version 2.0 of its Cybersecurity Framework
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting recent updates to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a resource designed to help organizations manage and reduce cybersecurity risks, regardless of their degree of cybersecurity sophistication.
June 13, 2024
Guidance
Cybersecurity Advisory – SEC Amends Regulation S-P Enhancing Protection of Customer Information (Exchange Act Release No. 35193)
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the SEC’s recent amendments to Regulation S-P.[1] On May 15, 2024, the SEC announced the adoption of amendments designed to modernize and enhance the protection of consumer financial information by broadening the scope of information covered by Regulation S-P’s requirements and requiring covered institutions to (1) adopt an incident response program and (2) notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization.
June 06, 2024
Guidance
Cybersecurity Alert – Ongoing Phishing Campaign Using FINRA Executives
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “data-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
April 04, 2024
Guidance
Cybersecurity Advisory – Social Engineering Attempts Impersonating FINRA
As we approach the end of the first quarter of 2024, FINRA’s Cyber and Analytics Unit (CAU) proactively warns member firms of continuing social engineering campaigns involving fraudulent representations of individuals purporting to be FINRA representatives. As with many types of social engineering campaigns, threat actors may use website domain names (sites) that are similar to FINRA.org (e.g., Finra-latam.org, finra.world, finra.eu), fraudulently use FINRA’s logo or purport to be legitimate FINRA employees. These domains and individuals are not associated with FINRA.
March 01, 2024
Guidance
Cybersecurity Alert - LockBit (Threat Actor)
LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
January 25, 2024
Guidance
Cybersecurity and Technology Management
The Cybersecurity and Technology Management topic of the 2024 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations and related considerations, (2) findings and effective practices, and (3) additional resources.
January 09, 2024
Guidance
Cybersecurity Advisory - FINRA Holiday Cybersecurity Practices
With the holiday season upon us and 2023 coming to an end, FINRA’s Cyber and Analytics Unit (CAU) would like to remind member firms to prepare for cyber threats and attacks that may occur around the holidays. Member firms and their vendors should consider reviewing and validating their Written Supervisory Procedures (WSPs), continuing to educate their employees with respect to cybersecurity and effective practices, and testing incident response plans (IRPs) to prepare for, prevent, or recover from an incident.
December 12, 2023
Guidance
Potential Phishing Attacks Related to Okta Customer Support System
FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users. Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.
December 11, 2023
Guidance
Cybersecurity Advisory - FINRA Highlights Effective Practices for Responding to a Cyber Incident
The prevalence of cybersecurity incidents continues to increase at FINRA member firms. As a result of the continued proliferation of cybercrime, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is issuing this advisory to highlight effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.
November 30, 2023
Guidance
Cybersecurity Alert - FINRA Notifies Members of Joint CISA & FBI Cybersecurity Advisory (AA23-320A)
Due to increased reports related to cyber incidents occurring at FINRA member firms which have been attributed to specific threat actors, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on November 16, 2023, which may be updated as new intelligence is uncovered.
November 17, 2023
Guidance
FINRA Cyber Alert – High-Risk Vulnerabilities Related to Citrix NetScaler Products
FINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.
November 10, 2023
Report / Study
Quantum Computing and the Implications for the Securities Industry
article h1::after { content:'1'; white-space:pre; vertical-align:super; font-size:0.5em; line-height:0; }
Quantum mechanics is a branch of physics that deals with the complex properties of atoms and sub-atomic particles.² Quantum computing leverages the principles of quantum mechanics to solve problems too large or complex for traditional computers.
October 30, 2023
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@rfs-finra.org”.
October 13, 2023
Guidance
FINRA Cybersecurity Advisory - SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (Exchange Act Release No. 97989)
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the new SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure that were adopted on July 26, 2023. The SEC adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy and governance in annual reports.
September 21, 2023
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of Joint CISA & FBI Cybersecurity Advisory (AA23-242A)
FINRA is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on August 30, 2023, which may be updated as new intelligence is uncovered.
August 31, 2023
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of FBI Flash (AC-000172-TT)
FINRA is highlighting a recent Federal Bureau of Investigation (FBI) Flash published on August 23, 2023. According to the FBI Flash, all exploited Barracuda Email Security Gateway (ESG) appliances, even those with up-to-date security patches, remain at risk for continued computer network compromise from threat actors exploiting a zero-day vulnerability documented in CVE-2023-2868.
August 28, 2023
Guidance
Cybersecurity Alert: FINRA Notifies Member Firms of CISA Advisory (AA23-158A)
Impact: All Firms

Update (June 22, 2023): The link to the Advisory issued by CISA on June 7, 2023 has been updated to reflect CISA’s current guidance.

Firms should review this information with any vendors who provide information technology services to the firm.
June 16, 2023
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of CISA Advisory (AA23-165A)
Impact: All Firms

Firms without dedicated information security professionals may wish to review this information with any vendors who provide those services to the firm.
June 15, 2023
Guidance
Insider Threats – Effective Controls and Practices
Overview

This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:
April 18, 2023
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign
Impact: All Firms

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

The email from “finrarps.org” states:
April 04, 2023
Guidance
FINRA Provides Update on Sweep: Social Media Influencers, Customer Acquisition and Related Information Protection
This follow-up to the September 2021 targeted exam (sweep) of firms’ practices related to their acquisition of customers through social media channels and their sharing of customers’ usage information with affiliates and non-affiliated third parties summarizes selected practices FINRA has observed firms implement to this point in the sweep.
February 28, 2023
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@finra.eu” and “@finrarec.com”. Samples of both emails are provided in Appendices 1 and 2.

The domains of “finra.eu” and “finrarec.com” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.
February 23, 2023
Guidance
Cybersecurity Alert - Ongoing Phishing Campaign
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@filling-regfinra.com”. The domain of “filling-regfinra.com” is not connected to FINRA, and firms should delete all emails originating from this domain. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

The email states:

Dear Name,

I hope all is well!
November 15, 2022
Media Center
Introducing FINRA's Complex Investigations and Intelligence team and Cyber and Analytics Unit
The new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision’s National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations. On this episode, we hear how these changes will help FINRA better deliver on its mission of investor protection, market integrity.
August 09, 2022
Guidance
Cybersecurity Alert - June 16, 2022
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@firms-finra.org” or “@firms-sipc.org”. Neither of these domains is connected to FINRA and firms should delete all emails originating from these domain names.
June 16, 2022
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of Microsoft Alert (CVE-2022-30190)
FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.
June 03, 2022
Guidance
Cybersecurity Alert - FINRA Notifies Member Firms of CISA Alert (AA22-110A)
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to highlight an alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) on April 20, 2022.
May 02, 2022
Guidance
Cybersecurity Alert - April 27, 2022
On April 25, FINRA issued an alert to member firms which highlighted a phishing attack using the domain name “@claims-finra.org”. This alert is to warn you about a new, potentially related, phishing attack also purporting to be from FINRA.
April 27, 2022
Guidance
Cybersecurity Alert - April 25, 2022
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@claims-finra.org.” The domain of “claims-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
April 25, 2022
Technical Notice
FINRA Statement Regarding Spring4Shell
FINRA is aware of the critical Spring4Shell vulnerability and has taken immediate steps to neutralize the risk.
April 04, 2022
Guidance
Cybersecurity Alert - March 21, 2022
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program is highlighting a statement released today by President Biden regarding possible threats to our nation’s cyber security, urging private sector companies to remain vigilant and harden their cyber defenses "immediately" based on "evolving intelligence that the Russian Government is exploring options for potential cyberattacks." The President
March 21, 2022
Guidance
Cybersecurity Alert - February 15, 2022
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a “Shields Up” warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend that all organizations, namely U.S.
February 15, 2022
Report / Study
Cloud Computing in the Securities Industry
Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.
August 16, 2021
Compliance Tools
Small Firm Cybersecurity Checklist
Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:
July 12, 2021
Podcast
Overlapping Risks, Part 1: Anti-Money Laundering and Cybersecurity
Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, the first of a two-part series, we look at the overlapping risks of AML and cybersecurity.
October 27, 2020
Guidance
Common Cybersecurity Threats
This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
July 09, 2019
Report / Study
2018 Report on Selected Cybersecurity Practices
This report continues FINRA’s efforts to share information that can help brokerdealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.
December 01, 2018
Compliance Tools
Non-FINRA Cybersecurity Resources
FINRA has assembled a list of resources that firms may use to manage their cybersecurity risk. These resources include: news and analysis; effective practices and guidance; and free diagnostic tools...
October 25, 2016
Guidance
Targeted Examination Letter on Cybersecurity
FINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.
January 01, 2014
Compliance Tools
Core Cybersecurity Threats and Effective Controls for Small Firms
Overview
The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including:
Compliance Tools
Firm Checklist for Compromised Accounts
What should your firm do after it discovers that customers’ accounts have been compromised?

Investor Insights
Be Alert to Investor Risks from SMS Phishing Scams
Smishing is a tactic in which scammers send unsolicited messages to targets over short message service (SMS), or text messages. A newer development with this type of fraud involves scammers requesting that targets respond to messages to get around protections that automatically deactivate hyperlinks in messages received from unknown numbers.
Investor Insights
Protecting Your Investment Accounts From GenAI Fraud
Investment fraud involving the use of artificial intelligence (AI) is on the rise. Increasingly, fraudsters are using generative AI (GenAI) tools to gain access to financial accounts and create new accounts in the names of unsuspecting investors. Learn steps you can take to help protect yourself.
Investor Insights
Be Aware of Support Center Ad Scams
FINRA has observed that bad actors are using sponsored search result ads to impersonate some FINRA member firms’ support centers. When an individual clicks on the ad, instead of being directed to the firm’s page, they’re taken to a fraudulent website. The scammers then attempt to steal funds or personal information from their targets.
Investor Insights
Be Alert to Signs of Imposter Investment Scams
In investment-related impersonation schemes, scammers misuse the name of real registered investment professionals or firms to create the appearance of legitimacy. Imposter scams can be difficult to spot unless you know what you’re looking for. Here are patterns to be aware of and tips to help spot the fakes.
Investor Insights
Artificial Intelligence (AI) and Investment Fraud
The SEC, NASAA and FINRA are jointly issuing this Investor Alert to make investors aware of the increase of investment frauds involving the purported use of artificial intelligence (AI) and other emerging technologies. Bad actors are using the growing popularity and complexity of AI to lure victims into scams. Here are a few things to look out for to help you keep your money safe from these frauds.
Investor Insights
Know Before You Share: Be Mindful of Data Aggregation Risks
If putting all your financial information online in one place sounds like a good idea, there are many companies ready to help you organize your financial life. However, before you share your financial details with data aggregators, it pays to know how these services operate and how to protect yourself from potential privacy and security risks.
Investor Insights
Investor Alert: Social Media ‘Investment Group’ Imposter Scams on the Rise
FINRA has seen a recent significant spike in investor complaints resulting from recommendations made by fraudulent “investment groups” promoted through social media channels. Complaints describe bad actors, posing as registered investment advisers, who advertise “stock investment groups” on Instagram and other social media channels and then turn to encrypted group chats on WhatsApp to communicate with interested investors and pitch investments.
Investor Insights
Pretexting: Fact or Fiction?
Pretexting is a tactic that hinges on telling a compelling—but fake—story. Hackers attempt to deceive their targets by establishing a false sense of trust, using a fabricated story, or pretext, to get you to download malware, send money or share sensitive information, to name a few examples. Here are some of ways you might be targeted—and how you can thwart an attempt to coax you into believing a bogus story.
Investor Insights
Phishing Scams: Stay Clear of the Bait
Phishing scams typically involve emails that falsely claim to be from a financial institution, credit card company or other familiar organization or service. Most of these emails attempt to lure you into providing sensitive personal information by requesting that you reply to the email or click on a link that mimics a legitimate website.
Investor Insights
Are You Staying Cyber Safe? 8 Tips for Securing Your Financial Accounts
Financial institutions have an obligation to safeguard your personal financial information, but you have an important role to play as well. Understanding how customer account takeover incidents and theft of personal financial information might occur and taking steps to minimize your risk can make a difference.
Investor Education
Safeguarding Your Financial Information: An Identity Theft Prevention Checklist
Use this checklist to safeguard your sensitive information and help keep identity thieves at bay.