Skip to main content

For updates and guidance related to COVID-19 / Coronavirus, click here.

Regulatory Notice 20-40

FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name

Summary

FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain “@invest-finra.org”. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.

The domain of “invest-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.

FINRA has requested that the Internet domain registrar suspend services for "invest-finra.org".

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.

For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.

Questions regarding this Notice should be directed to:

  • Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by email; or
  • Greg Markovich, Senior Principal Risk Specialist, Member Supervision Specialist Programs, at (312) 899 4604 or by email.