The Financial Industry Regulatory Authority has issued a warning about fake domain names circulating on the internet that claim to belong to the authority. The phishing scammers are using the domain names finra.eu and finrarec.com to propagate the scam.
FINRA has warned broker-dealers of an ongoing phishing campaign that involves fraudulent emails claiming to be from FINRA and using domain names that are not connected to FINRA.
The phishing emails identified in FINRA’s alert claim to be related to a case regarding funds received from the blockchain platform. The email states that the funds are frozen and under the control of FINRA due to suspicious activities, and that the money is in the form of Bitcoins. The email then requests personal information or other actions from the recipient.
FINRA has identified the domain names finra.eu and finrarec.com as being used in these phishing emails, but notes that other domain names may also be used. It is important to note that these domains are not connected to FINRA.
To protect against phishing scams, individuals should exercise caution when receiving emails or other communications that request personal information or other actions. They should not click on links or download attachments from unknown or suspicious sources. It is also important to verify the sender’s email address and to contact the purported sender through a trusted source if there is any doubt about the authenticity of the communication.
How do these scams propagate?
Scams like these can be propagated in a number of ways:
- Email Spoofing: Cybercriminals can use email spoofing techniques to create emails that appear to come from a legitimate source, such as FINRA. They may use a similar email address to FINRA’s official email address or use the official FINRA logo or other branding in the email to make it appear authentic.
- Malware: Cybercriminals may also use malware to propagate the phishing scam. The fraudulent email may contain a link or attachment that, when clicked or downloaded, installs malware on the recipient’s device. This malware can then be used to steal personal information or carry out other malicious activities.
- Social Engineering: Cybercriminals may also use social engineering techniques to trick individuals into providing personal information or taking other actions. The fraudulent email may contain a message that creates a sense of urgency or fear, such as the claim that the recipient’s funds are frozen and under the control of FINRA. This can prompt the recipient to take immediate action, such as clicking on a link or providing personal information.
Regardless of the specific techniques used, it is important for individuals and member firms to exercise caution when receiving emails or other communications claiming to be from FINRA. They should verify the legitimacy of any suspicious emails before responding to them, clicking on any links, or providing any personal information.
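The sender check described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from FINRA or from this article: it flags the two domains named in the alert, other domains that embed the FINRA name, and messages that use the FINRA name from an unrelated sender. The trusted domain finra.org and all function names are assumptions of the example.

```python
from email import message_from_string
from email.utils import getaddresses

ALERT_DOMAINS = {"finra.eu", "finrarec.com"}   # named in FINRA's alert
TRUSTED_DOMAINS = {"finra.org"}                # assumption: firm's allowlist
BRAND = "finra"
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def _matches(domain, known):
    """True if domain equals, or is a subdomain of, any entry in known."""
    return any(domain == k or domain.endswith("." + k) for k in known)


def classify_domain(domain):
    """Classify a sender domain against the alert list and the allowlist."""
    if _matches(domain, TRUSTED_DOMAINS):
        return "trusted"
    if _matches(domain, ALERT_DOMAINS):
        return "alert-listed"
    return "lookalike" if BRAND in domain else "unrelated"


def triage(raw_message):
    """Return sorted (header, domain, verdict) findings for one raw email."""
    msg = message_from_string(raw_message)
    # A message "claims" FINRA if the brand shows in the From line or subject.
    claims = BRAND in (msg.get("From", "") + msg.get("Subject", "")).lower()
    findings = []
    for header in SENDER_HEADERS:
        for _, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue
            domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
            verdict = classify_domain(domain)
            if verdict == "unrelated" and claims:
                verdict = "brand-mismatch"  # FINRA name, unrelated sender
            if verdict not in ("trusted", "unrelated"):
                findings.append((header, domain, verdict))
    return sorted(findings)


# Constructed sample message (not a real phishing email).
SAMPLE = (
    'From: "FINRA Support" <support@finra.org>\n'
    "Reply-To: cases@finrarec.com\n"
    "Return-Path: <bounce@finra.eu>\n"
    "Subject: Frozen funds case\n\nYour funds are frozen.\n"
)
```

An empty result does not prove a message is genuine, because the From header itself can be forged; the check complements, rather than replaces, contacting the purported sender through a trusted channel.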
FINRA stands for the Financial Industry Regulatory Authority. It is a self-regulatory organisation (SRO) that is authorised by the US Congress to regulate the securities industry. FINRA is responsible for regulating the activities of broker-dealers and other firms in the securities industry, including the enforcement of federal securities laws.
FINRA oversees nearly 4,000 broker-dealers and more than 600,000 registered securities representatives. It provides a range of regulatory services, including the issuance of licences, the enforcement of compliance standards, and the investigation of potential violations of securities laws and regulations.
In addition to its regulatory responsibilities, FINRA also provides resources and education to help investors make informed decisions and protect themselves from fraud and other abuses in the securities industry. It operates Investor.gov, a website that provides information and resources for individual investors, and also maintains a hotline that investors can call to report potential violations of securities laws or regulations.