Access Management , Cybercrime , Fraud Management & Cybercrime

FINRA Warns of Phishing Emails Targeting Members

Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members
FINRA Warns of Phishing Emails Targeting Members

The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.

See Also: Hunting Money Mules with a 360-Degree View of Identities

In an alert issued Monday, FINRA notes that the phishing emails bear the names of Bill Wollman or Josh Drobnyk, vice presidents of the organization. The emails appear to originate from a domain called "," which is not associated with FINRA.

The messages, which carry the subject line "Action Required: FINRA Broker Notice for [Firm Name]," ask recipients to take immediate action and open a file, which is sometimes a PDF document, according to the alert. The attachments direct the recipient to a website, which asks for a username and password for a Microsoft Office or SharePoint account, according to the alert.

"FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident," the alert states.

The phishing campaign is ongoing, FINRA says. But a representative of the organization declined to comment beyond the information released Monday, which did not specify whether any FINRA members had their credentials stolen.

FINRA oversees about 4,250 brokerage firms and exchange markets and has nearly 625,000 registered members, according to the organization's statistics for 2019. It has about 3,600 employees.

Phishing Emails

A sample phishing email released by FINRA only asks the recipient to open an attached file that "requires immediate attention."

Phishing email impersonating FINRA executive (Source: FINRA)

"In some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information," according to the alert. FINRA did not provide other details about those messages.

In March, FINRA released another notice to its members warning about increasing cyberthreats as a result of the COVID-19 pandemic leading to a shift to working at home.

Another recent phishing campaign targeted business executives in an attempt to harvest credentials for their their Microsoft Office accounts (see: Phishing Campaigns Target Senior Executives via Office 365).

About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.