IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FINRA warns of phishing campaign exploiting imposter domain names

The US regulator has requested that domain registrars suspend at least three fraudulent domains

The Financial Industry Regulatory Authority (FINRA) has warned of a new phishing campaign that involves fraudulent emails using domain names pretending to be the financial regulator.

In an advisory, the regulator said that the fake emails used the false domains @finrar-reporting.org, @Finpro-finrar.org and @gateway2-finra.org. The domains were registered on 12 August 2021.

It said that these emails asked recipients to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.”

The regulator that anyone who clicked on any link or image in the email should immediately notify the appropriate individuals in their firm of the incident.

“None of these domain names are connected to FINRA and firms should delete all emails originating from any of these domain names,” it said in the advisory.

FINRA also urged any companies receiving such messages to verify the legitimacy of any suspicious email before responding, opening any attachments, or clicking on any embedded links. It has requested that the relevant Internet domain registrars suspend services for all three domain names.

"For more information, firms should review the resources provided on FINRA’s Cyber Security Topic Page, including the Phishing section of our Report on Cybersecurity Practices - 2018," FINRA added.

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastFree download

Earlier in June, FINRA published another advisory warning of similar phishing campaign using the domain name “@gateway-finra.org.” Like the present campaign, this one also asked recipients to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.”

In March, the regulator issued an advisory about a phishing campaign using “@finra-online.com” as a fake domain name to catch victims unawares. It said at the time that this domain name was “not connected to FINRA and firms should delete all emails originating from this domain name”.

Finra isn’t the only regulator to be targeted by phishers recently, as the Cyprus Securities and Exchange Commission (CySEC) recently issued a warning about a fake website impersonating them and hosted in India.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022