Frms and advisors were hit with a phishing scam this week from fraudsters imitating FINRA executives, according to the brokerage regulator.
According to a FINRA cybersecurity alert issued Wednesday, the “ongoing” phishing campaign entails scammers sending emails posing as FINRA leaders with a PDF attachment that the regulator warned could include “malicious” content. It’s unknown how many firms and advisors were affected.
In the emails, the scammers claim to be a FINRA executive trying to collect information from the member firm’s owner or CEO. In the sample email posted by FINRA, the scammers told the recipients to follow the directions in an attached document in the next 48 hours “to avoid the penalty of paying a fine.”
FINRA noted the scammers tried to sidestep an advisor’s due diligence by saying the request couldn’t be fulfilled by contacting FINRA directly or via the regulator’s Firm Gateway. While FINRA’s initial analysis showed the PDF was blank, they cautioned it could still be dangerous; scammers likely designed the email and attachment to encourage interaction.
“The email addresses, domains and PDF file are not connected to, or endorsed by FINRA, and firms should delete all emails originating from these domains, consider blocking the fraudulent domains at the firewall, as well as leveraging the hash and file name in network threat monitoring,” the FINRA alert stated.
According to Max Schatzow, a partner with RIA Lawyers, he’d been contacted by several firms with hundreds of millions in managed assets and one firm with billions in AUM that had received the phishing email.
Schatzow posted an example of the email on X (formerly Twitter), and several advisors responded that they’d received the same email that morning, including Daniel Yerger, a financial planner and president of the Colorado-based My Wealth Planners.
Yerger said this was the first time he’d personally received a scam email impersonating FINRA executives, but he recalled other advisors saying a different scam had used the same domain approximately a year earlier.
The domains the scammers used to impersonate FINRA executives include “gateway-finra.com” and “gateways-finra.org,” though FINRA cautioned that they’d likely rotate to other lookalike domains to keep the scam running. Regulators warned firms to be on the lookout for similar emails from other domain names.
In April, FINRA released a similar cybersecurity alert warning firms to be on the lookout for scam emails purportedly from FINRA executives using the domain “data-finra.org.” In both scams, some of the emails purported to be from Steven J. Randich, an executive vice president and CIO with FINRA who oversees technology.
In the past several years, the brokerage regulator has released several other cybersecurity alerts warning advisors about phishing scams, including one that tried to get recipients to click a link to “book a meeting” with a FINRA representative.