Skip to main content
Regulatory Notice 21-30

FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names

Published Date:

Summary

FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from FINRA and using one of at least three imposter FINRA domain names:

  • “@finrar-reporting.org”
  • “@Finpro-finrar.org”
  • “@gateway2-finra.org”

The email asks the recipient to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.”

FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.

None of these domain names are connected to FINRA and firms should delete all emails originating from any of these domain names.

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding, opening any attachments or clicking on any embedded links.

FINRA has requested that the relevant Internet domain registrars suspend services for all three domain names.

For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices - 2018.

Questions regarding this Notice should be directed to:

  • Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by email; or
  • Greg Markovich, Senior Principal Risk Specialist, Member Supervision Specialist Programs, at (312) 899-4604 or by email.