There has been a recent wave of cybercriminals impersonating the Financial Industry Regulatory Authority (FINRA). Because organizations strive to be compliant with regulations, receiving an email from FINRA can be quite startling and cause recipients to inadvertently fall for the scam.

In this FINRA-themed phishing email, the sender’s email address uses the domain The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties.” The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. However, clicking the link will redirect you to a malicious website.

Use these 3 tips to stay safe from these types of attacks:

  1. Look for threats of urgency, such as the need to pay a penalty if you don’t act quickly enough. These scams rely on impulsive actions, so always think before you click.
  2. Check who sent the email. In this case, while the email address includes the name FINRA, it did not use the official domain.
  3. If you are worried that the email could be legitimate, reach out to FINRA another way. Do not click any links or use the contact information provided in the email.
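
A mail-filtering check built on tips 1 and 2, as an added example that is not part of the original article: it flags messages whose sender name or address mentions FINRA while the domain is not an official one, and messages carrying the urgency line quoted above. Treating finra.org as the official domain is an assumption (the article does not name it), and the sample messages and their .example domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: finra.org is treated as the official domain (not named in the article).
OFFICIAL_DOMAINS = {"finra.org"}
BRAND = "finra"
# Urgency line quoted in the article; extend with phrases seen in your own mail.
URGENCY_PHRASES = ("late submission may attract penalties",)

def is_official(domain):
    """True for an official domain or one of its subdomains, not lookalikes."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess(raw_message):
    """Return the reasons a raw RFC 5322 message looks like FINRA impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    findings = []
    # Tip 2: the brand appears in the sender, but the domain is not official.
    if (BRAND in display.lower() or BRAND in addr.lower()) and not is_official(domain):
        findings.append(f"sender mentions FINRA but uses domain {domain!r}")
    # Tip 1: urgency wording, matched after collapsing line breaks and spacing.
    parts = [p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = " ".join(" ".join(parts).split()).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency wording: {phrase!r}")
    return findings

# Constructed sample messages; domains under .example are placeholders.
SPOOFED = (
    'From: "FINRA Compliance" <requests@finra-notices.example>\n'
    "Subject: Compliance request\n\n"
    "Your firm has received a compliance request.\n"
    "Late submission may\nattract penalties.\n"
)
LOOKALIKE = (
    "From: notices@finra.org.mail-gateway.example\n"
    "Subject: Request ID update\n\nPlease review the attached request.\n"
)
LEGIT = 'From: "FINRA" <info@finra.org>\nSubject: Newsletter\n\nQuarterly update.\n'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, assess(raw))
```

The From header is easy to forge, so a clean result here only means these two checks did not fire; it does not show that a message is genuine.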


