FINRA has released a warning to all firms covered under its regulatory jurisdiction about email domains being used to try and phish user data. The fraudulent email addresses have domain names that have been designed to look as though they originate from FINRA.
The regulator reports that the emails arrive into inboxes with a link in place to navigate to a request page. Here the company is prompted to enter information with the warning that refusing to do so or doing so late will incur penalties. FINRA has confirmed that the emails originating from the following domains are not from the regulator:
- @finrar-reporting.org
- @Finpro-finrar.org
- @gateway2-finra.org
Because the domains show some similarities to the official FINRA domain, it could easily confuse some people. This is especially true if they are relatively new to the company or are not particularly tech literate. FINRA has made it clear that it is important to provide training to employees to ensure that they are aware of email policy within the company.
FINRA has taken steps to attempt to have the domains suspended by the service providers of all three. However, at this moment in time, the suspension hasn’t been carried out. Firms that have received an email from any of these domains are being advised to delete the email and inform the security departments at their company.
It is also advised that if any email arrives that purports to be from FINRA, the email should be thoroughly checked to ensure that it is legitimate. Any email that says it is from FINRA should be confirmed as genuine before any response is made to the sender. This includes replying through the email itself, clicking on any link within the email, and opening attachments.
It is especially important to follow these protocols if the email is received across a secure network. A malicious email could open up sensitive information to hackers if it manages to get through security. FINRA has provided a number of cybersecurity resources for companies to ensure that they don’t become the victim of phishing campaigns.
European regulator CySEC recently issued a warning about an imposter website, hosted in India. CySEC alerted that the fraudulent website copied the original in order to trick users.