Once again cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.
In this FINRA-themed phishing email, the sender’s email address uses the domain gateway[dash]finra[dot]org. The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!
Use the tips below to stay safe from similar attacks:
- Look for threats of urgency, such as the need to pay a penalty if you don’t act quickly enough. These scams rely on impulsive actions, so always think before you click.
- Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.
- If you are worried that the email could be legitimate, reach out to the company another way. Do not click any links or use the contact information provided in an email.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team and LMT Technology Solutions