The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

FINRA Warns Financial Services Firms of New Phishing Campaign

by Chris Brook on Wednesday October 7, 2020

Contact Us
Free Demo

FINRA, a self-regulatory organization that oversees brokers and broker-dealers, is warning about a new phishing attack that looks like its coming from the organization.

For the second time in six months, FINRA, the Financial Industry Regulatory Authority, is warning financial services firms of a tricky new phishing campaign that mimics a message from the organization.

FINRA, an independent, nongovernmental organization that writes and enforces rules governing registered brokers and broker-dealer firms in the United States, issued a warning about the campaign in a regulatory notice on Tuesday.

Like a campaign the group warned about in May, these phishing messages also claim to come from FINRA, specifically FINRA's regulation department, urging members to complete a survey on its conduct and supervisory rules.

The email sounds legitimate: "We require you to complete the above survey form in full by Tuesday 13 October 2020,” it reads, “This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available." The message comes from a domain - - FINRA doesn't own, however. The organization claims some emails are preceded by "info" and a number.

At the bottom of the email, in some instances, is a picture or image the phisher hope victims will click on, FINRA said.

While it's unclear exactly what happens if users clicked on a link or image within the phishing email, the organization is warning victims who did to notify the correct authorities at their firm.

Likely because it was successful, this campaign follows a similar vector as May's, in which emails came from a domain that it looks like FINRA may own, "," but is actually fake. Like it did in May, it sounds like FINRA had to work quickly to get the domain registrar overseeing "" to suspend services. When checked Wednesday, the domain appeared offline.

A sample of the phishing email can be found below:

Recipient’s Name,

FINRA has been directed to update its conduct and supervisory rules on firms that we regulate. We require you to complete the above survey form in full by Tuesday 13 October 2020. This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available. FINRA is committed to protecting the integrity and confidentiality of the data and systems. If you have any questions when completing the survey, please reply to this email for immediate assistance.

ATTN: Firm Name
Thank you,
FINRA Regulation Department

Like many industries, workers at financial services companies have found themselves the target of increased attacks since the COVID-19 pandemic began. With many workers now working from home, something that can lead to letting ones guard down, it's afforded cybercriminals the perfect opportunity to carry out attacks.

If well crafted, attacks that try to mimic a legitimate financial regulator, like FINRA, can be successful.

While not a phishing attack, FINRA warned over the summer of attackers of a fraudulent site,, masquerading as the legitimate FINRA site. Attached to the site was a fake registration site, looking to harvest credentials and likely in turn, send emails with phishing links or attachments.

Tags: Industry Insights

Recommended Resources

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.