Skip to main content
Regulatory Notice 20-12

FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA

Published Date:

Summary

FINRA warns member firms of a widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers, including Bill Wollman and Josh Drobnyk (see Attachment A). These emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to your firm. In at least in some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information. In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password. FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident.

The domain of “broker-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name. In addition, FINRA has requested that the Internet domain registrar suspend services for "broker-finra.org".   

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.

Questions regarding this Notice should be directed to Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by email.

 

Attachment A – Sample Phishing Email

Subject: Action Required: FINRA Broker Notice for Firm Name

Dear __,

 

I hope you are well and keeping safe.

I have been asked to send the attached document for [Firm Name] to you. They require immediate attention.

This is important and needs to be attended to before the end of this week.

Please let me know if you have any questions.

 

Kind regards, 

Bill Wollman

Vice President, Head of Office of Financial and Operational Risk Policy