Regulation and Compliance Federal Regulation FINRA

Brokers Beware: FINRA Warns Member Firms of Impostor Site

News August 17, 2020 at 03:19 PM
Share & Print

Woman typing on a laptop with FINRA logo on the screen. (Photo: Shutterstock)

The Financial Industry Regulatory Authority warned member firms about a new impostor FINRA website that has an extra "n" in its domain name and could be used by bad actors for a wide range of destructive actions if brokers aren't careful.

The new imposter website, www.finnra.org, should not be confused with FINRA's real website, www.finra.org, the self-regulatory group pointed out last week in a notice at its site.

The "finnra.org" domain is "not connected to FINRA and firms should delete all emails originating from this domain name," it said.

The impostor website looks nearly identical to the actual FINRA site. It contains links to a registration site that is not legitimate, FINRA noted.

It is also "possible bad actors could leverage the domain to send fake emails including those with imbedded phishing links or attachments containing malware," FINRA warned.

Fraud continued to be a major challenge that broker-dealers faced during the COVID-19 pandemic, with the "biggest potential problem" being phishing attacks, Bill Wollman, an executive vice president at FINRA and head of its office of Financial and Operational Risk Policy, said in May.

In Regulatory Notice 20-12issued May 4, FINRA warned of "a widespread, ongoing phishing campaign that involved fraudulent emails" that claim to be from FINRA officers. The emails had a source domain name "@broker-finra.org" and requested immediate attention to an attachment relating to a broker-dealer firm. The domain of broker-finra.org was not connected to FINRA and firms should delete all emails originating from this domain name, FINRA stated at the time.

FINRA has now requested that the Internet domain registrar suspend services for "finnra.org," it said in its Aug. 12 notice.

FINRA also reminded firms to "verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links."

For more information, firms were told to review the resources provided on FINRA's Cybersecurity Topic Page, including the Phishing section of its Report on Cybersecurity Practices – 2018.

FINRA
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

FINRA Fines CUNA Brokerage Services Over Deleted Rollover Records FINRA Files to Raise Fees Starting in 2025 Osaic Failed to Supervise Trading in Dead Client's Account: FINRA What's at Stake in the Ameriprise-LPL Fight Over Client Data Morgan Stanley to Pay $1M Over Lack of Risk Controls Rep Churned Senior Business Owner's Account, Violated Reg BI: FINRA

Resource Center

Can Systematic Risk Be Reduced? link

Guide

Can Systematic Risk Be Reduced?

The Business Model Playbook: Mastering Technology for Firm Success link

Playbook

The Business Model Playbook: Mastering Technology for Firm Success

Harnessing AI to Power Advisor-Client Relationships link

White Paper

Harnessing AI to Power Advisor-Client Relationships