The US Financial Industry Regulatory Authority (FINRA) alerts US contribute corporations and brokers of an active phishing operation impersonating FINRA officials and asking them to hand over critical data under the threat of penalties.

FINRA is a non-profit organization supervised by the Securities and Exchange Commission (SEC) and authorized by the US government to adjust all publicly ongoing securities organizations and exchange markets. This independent, non-governmental securities regulator supervises over 600,000 brokers across the nation and preserves track of billions of market events every day.

Imitating FINRA Domain Names Used For Phishing

In a notice issued on Friday, the US financial industry regulator said that the phishing message is being transmitted from multiple domains impersonating FINRA official sites. The attackers are using at least three different domains in this campaign (i.e., finrar-reporting org, finpro-finrarorg, and gateway2-finra.org).

“The email asks the beneficiary to click a link to ‘view request’ and provide data to ‘complete’ that request, noting that ‘late submission may attract penalties’, the regulatory notice reads.” This technique is designed to add immediate to the attackers’ demand, with the hope that the victims would answer their request before checking the emails’ legitimacy.

“FINRA suggest that anyone who clicked on any link or image in the email urgently alerted the appropriate individuals in their organization of the incident,” the regulator added.

Brokerage Corporation and their employees are urged to verify the legitimacy of all suspicious emails before reverting, launching attachments, or clicking on embedded links.

The domains are utilized in these active phishing attacks were certified on Thursday, August 12, utilizing the services of the Hosting Concepts B.V. and NameCheap registrars.

Before concerning the warn, FINRA asked the Internet domain registrar to suspend services for the malicious domains due to their utilization in ongoing phishing attacks.

As per the US financial market regulator, none of the domain names utilized to transmit phishing messages are connected to FINRA. Firms getting phishing emails originating from these domain names are suggested to remove them urgently.

“For more details, firms should review the resources facilitated on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices – 2018,” FINRA added.   

Similar Phishing Attack Spotted in June

While the financial regulator rarely issues such regulatory notices, it has posted three of them this year, all of them alerting brokers of phishing attacks targeting their information.

In June, FINRA alerted of a very similar operation also threatening recipients with penalties following failure to submit the requested data in a timely fashion.

Another alert, issued in March, alerted US brokers of a phishing campaign using fake compliance audit alerts to harvest brokers’ information. Last year, brokerage firms were warned of spear-phishing attacks that redirected targets to a fake registration form hosted on the finnra.org copycat site.