Phishing targets US brokerage firms using FINRA lookalike domain

by chebbi abir

US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website.

FINRA (Financial Industry Regulatory Authority) is a non-profit organization supervised by the Securities and Exchange Commission (SEC) that regulates all exchange markets and securities firms publicly active in the United States.

The independent, non-governmental securities regulator also supervises more than 624,000 brokers across the US and examines billions of market events every day.

Malicious domain mimics a FINRA official site

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain ‘’.” the stock market regulator said.

“FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

The invest-finra[.]org domain used in these ongoing phishing campaign was registered on November 5th via the French Gandi domain name registrar.

WHOIS domain data does not provide any information on who registered the phishing domain since all personal information is redacted using the registrar’s privacy service.

FINRA has asked Gandi to suspend services for the domain due to its use in active phishing attacks before issuing the alert but, although not hosting any website, invest-finra[.]org is still reachable.

Since the domain is not connected in any way with FINRA, member brokerage firms are advised to immediately delete any and all emails received from this domain.

“FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the alert adds.

“For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.”

Previous phishing attacks targeting FINRA members

Another alert issued in August alerted member firms of threat actors using a copycat site hosted at finnra[.]org that featured a registration form used to collect personal info that could later be used in spear-phishing attacks directed at FINRA members.

FINRA issued a similar notice two months ago warning member firms of widespread phishing attacks that used surveys to collect sensitive information.

In August, FINRA notified brokerage firms of threat actors using their registered brokers’ info to build convincing phishing sites.

The stock regulator also published a warning last year to inform of fraudulent emails targeting members that added authenticity to the phishing attempts by using lures featuring a USA Patriot Act provision.

To read the original articele:


Interdit de copier  ce contenu