Wall Street Regulator Sounds Alarm over Email Phishing Scam

Fake emails purporting to be from the US Financial Industry Regulatory Authority (FINRA) have been sent to thousands of potential market participants around the world, according to an FINRA statement.

The mass email scam appears to be from the source domain name “@invest-finra.org”. Like a campaign the group warned about in October, the self-regulator has also alerted investors to avoid a phishing email that is requesting broker-dealers to fill out a fraudulent FINRA study.

In a notice posted on its website Today, FINRA said it “warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain “@invest-finra.org”. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

Finally, the Wall Street’s industry-funded watchdog has requested that the internet domain registrar suspend services for “invest-finra.org”, adding that it advised firms to delete all emails originating from this source.

Brokers warned over scam emails

Over the last few months, the FINRA has repeatedly warned financial services firms of tricky new phishing campaigns that mimic a message from the nongovernmental organization.

Typically, the fraudsters use special software to make the message appear genuine. Recipients are often invited to click on a link that appears to take them to the watchdog’s website. Instead, they go to a false website that tries to steal sensitive information from those targeted, which can be used later without their knowledge to commit fraud.

The watchdog also pointed to its guidance on fake emails, websites, letters and phone calls on its website. The regulator said anyone in doubt about the authenticity of contact or receives such correspondences should contact the relevant authorities.

The FINRA also urged anyone who entered their password to change it immediately and notify the appropriate individuals in their firm of the incident. Further, it has provided details on how to identify spoof emails in a dedicated section on its website.

Source: Read Full Article