US brokerage firms warned of ‘FINRA Support’ phishing attacks

Phishing targets US brokerage firms using FINRA lookalike domain

US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from ‘FINRA Support.’

FINRA (Financial Industry Regulatory Authority) is a government-authorized non-profit organization that regulates all exchange markets and securities firms publicly active in the United States.

As part of its mission to protect investors, FINRA supervises more than 624,000 brokers across the US and analyzes billions of market events every day.

Phishing emails impersonate FINRA support

FINRA began warning brokers yesterday of a phishing campaign sending emails that pretend to be from ‘FINRA Support’ but actually come from a third-party domain.

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from “FINRA SUPPORT” with the email address “[email protected]”.

“The email asks the recipient to pay attention “to the report attached below that requires your immediate response” and states that “[t]he attachment contains our updated Public Policy information.” The emails may not include an attachment.” – FINRA

Sample phishing email

Source: FINRA

Since the ‘westour.org’ domain is not connected to FINRA, brokerage firms are urged to delete any emails they receive from this domain. If they clicked on any links or opened attachments, they should immediately report the incident to their network admins.

FINRA has asked NameCheap, the Internet domain registrar used to register this domain on 5/27/21, to suspend the westour.org domain.

Previous FINRA phishing alerts

In June, FINRA warned brokerage firms that attackers used penalty threats as lures to get brokers to respond to the email.

In March, scammers began sending fake “FINRA Compliance Audit” emails to members to trick them into responding.

Unfortunately, even though FINRA requested that domains associated with these attacks be deleted, many domains continue to be registered at various Internet registrars.

If you receive emails claiming to be from FINRA and not using the .finra.org domain, you should immediately be suspicious and report the email to your network admins.
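The check described above, written as mail-filter logic over raw message headers. This is an added example, not code from FINRA or the original article; the function names, the local parts, and every domain other than westour.org and finra.org are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

TRUSTED = "finra.org"  # the only domain the article treats as genuine
BRAND = "finra"        # keyword that marks a message as claiming to be FINRA


def is_finra_domain(domain: str) -> bool:
    """True for finra.org or a true subdomain; a bare suffix match is not enough."""
    d = domain.lower().rstrip(".")
    return d == TRUSTED or d.endswith("." + TRUSTED)


def check_message(raw: str) -> list[str]:
    """Return one finding per From/Reply-To address that claims FINRA from another domain."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for header in ("From", "Reply-To"):
        values = [str(v) for v in msg.get_all(header, [])]
        for name, addr in getaddresses(values):
            domain = addr.rpartition("@")[2]
            claims_finra = BRAND in name.lower() or BRAND in addr.lower()
            if claims_finra and not is_finra_domain(domain):
                findings.append(f"{header}: {name!r} <{addr}> is not on {TRUSTED}")
    return findings


# Constructed sample headers. westour.org is the domain named in the article; the
# local parts and the other domains are placeholders made up for this example.
SAMPLES = {
    "article_case": 'From: "FINRA SUPPORT" <placeholder@westour.org>\nSubject: x\n\nbody',
    "suffix_trick": "From: FINRA Support <placeholder@finra.org.example.net>\n\nbody",
    "glued_prefix": "From: Support <placeholder@notfinra.org>\n\nbody",
    "real_subdomain": "From: FINRA Support <placeholder@sub.finra.org>\n\nbody",
    "unrelated": "From: Jane Broker <jane@example.com>\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw) or "ok")
```

A From header on finra.org can itself be forged, so a clean result here complements SPF, DKIM and DMARC verification rather than replacing it.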

Source: https://www.bleepingcomputer.com/news/security/us-brokerage-firms-warned-of-finra-support-phishing-attacks/