For the second time in six months, FINRA, the Financial Industry Regulatory Authority, is warning financial services firms of a tricky new phishing campaign that mimics a message from the organization.
FINRA, an independent, nongovernmental organization that writes and enforces rules governing registered brokers and broker-dealer firms in the United States, issued a warning about the campaign in a regulatory notice on Tuesday.
Like a campaign the group warned about in May, these phishing messages also claim to come from FINRA, specifically FINRA's regulation department, urging members to complete a survey on its conduct and supervisory rules.
The email sounds legitimate: "We require you to complete the above survey form in full by Tuesday 13 October 2020," it reads. "This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available." The message, however, comes from a domain FINRA does not own: regulation-finra.org. FINRA notes that in some instances the sender address at that domain is "info" followed by a number.
In some instances, FINRA said, the email ends with a picture or image that the phisher hopes victims will click on.
It is unclear exactly what happens when a user clicks a link or image in the phishing email, but FINRA is advising anyone who did so to notify the appropriate people at their firm.
This campaign follows the same pattern as May's, likely because that one worked: the May emails came from a look-alike domain, broker-finra.org, which appears to be FINRA's but is not. As in May, FINRA appears to have moved quickly to get the registrar overseeing regulation-finra.org to suspend the domain. When checked Wednesday, the domain appeared to be offline.
A sample of the phishing email can be found below:
Recipient’s Name,
FINRA has been directed to update its conduct and supervisory rules on firms that we regulate. We require you to complete the above survey form in full by Tuesday 13 October 2020. This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available. FINRA is committed to protecting the integrity and confidentiality of the data and systems. If you have any questions when completing the survey, please reply to this email for immediate assistance.
ATTN: Firm Name
Thank you,
FINRA Regulation Department
Like workers in many industries, employees at financial services firms have been targeted by increased attacks since the COVID-19 pandemic began. With many now working from home, where it is easier to let one's guard down, cybercriminals have a ready opportunity to carry out attacks.
If well crafted, attacks that try to mimic a legitimate financial regulator, like FINRA, can be successful.
While not a phishing email campaign, FINRA also warned over the summer of a fraudulent site, finnra.org, masquerading as the legitimate FINRA site. The site hosted a fake registration page designed to harvest credentials, likely to be used in turn to send emails with phishing links or attachments.
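The three fraudulent domains named in this article (broker-finra.org, regulation-finra.org and finnra.org) share two patterns a mail gateway or SOC can flag without any threat feed: the brand name embedded in a hyphenated label, and a near-miss spelling of the brand. The following is an added example, not FINRA's code or anything from the article, showing a small sender-domain classifier run over constructed, simplified mail-log lines. The log format, the sender addresses, the edit-distance threshold and the verdict labels are assumptions for illustration.

```python
import re

# The real domain the phish impersonates (named in the article).
LEGIT_DOMAIN = "finra.org"
BRAND = "finra"

# Constructed, simplified mail-gateway log lines (not real logs).
# The first, third and fourth sender domains are the ones the article names.
SAMPLE_LOG = """\
Oct 13 09:12:01 mx1 mta: from=<info4821@regulation-finra.org>, to=<ops@brokerage.example>
Oct 13 09:15:44 mx1 mta: from=<notices@finra.org>, to=<ops@brokerage.example>
Oct 13 09:20:10 mx1 mta: from=<survey@broker-finra.org>, to=<ops@brokerage.example>
Oct 13 09:25:33 mx1 mta: from=<registration@finnra.org>, to=<ops@brokerage.example>
Oct 13 09:30:02 mx1 mta: from=<alerts@mail.finra.org>, to=<ops@brokerage.example>
"""

SENDER_RE = re.compile(r"from=<([^>]+)>")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to catch near-miss spellings such as finnra."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> str:
    """Return a verdict label for a sender domain relative to LEGIT_DOMAIN."""
    d = domain.lower().rstrip(".")
    # The real domain and its subdomains are the only thing we trust here.
    if d == LEGIT_DOMAIN or d.endswith("." + LEGIT_DOMAIN):
        return "legit"
    labels = d.split(".")
    if len(labels) < 2:
        return "unknown"
    sld = labels[-2]  # second-level label, e.g. "regulation-finra"
    # Exact brand under a different TLD (finra.com).
    if sld == BRAND:
        return "brand-other-tld"
    # Brand as a hyphenated part of the label (regulation-finra.org, broker-finra.org).
    if BRAND in sld.split("-"):
        return "brand-in-label"
    # Brand used as a subdomain of an unrelated registrable domain (finra.example.com).
    if BRAND in labels[:-2]:
        return "brand-subdomain"
    # Close misspelling of the brand (finnra.org). Threshold of 2 is an assumption;
    # tune it against your own false-positive rate.
    if levenshtein(sld, BRAND) <= 2:
        return "typosquat"
    # Brand buried inside a longer label (finrasupport.org).
    if BRAND in sld:
        return "brand-substring"
    return "unrelated"


def triage(log_text: str) -> list:
    """Extract each sender from the log and pair it with its domain verdict."""
    results = []
    for line in log_text.splitlines():
        m = SENDER_RE.search(line)
        if not m:
            continue
        sender = m.group(1)
        domain = sender.rsplit("@", 1)[-1]
        results.append((sender, classify_domain(domain)))
    return results


def suspicious(log_text: str) -> list:
    """Only the senders that are neither legit nor clearly unrelated."""
    return [(s, v) for s, v in triage(log_text) if v not in ("legit", "unrelated")]


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:16} {sender}")
```

The check is deliberately narrow: it only asks whether a sender domain is trying to look like finra.org, which is exactly what the three domains in the article do. It says nothing about the message content, so it belongs alongside, not instead of, SPF/DKIM/DMARC evaluation and user reporting.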