Skip to content

Scam of the Week: Scammers use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you’ve got more questions regarding this letter don’t hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

  • By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.
  • Watch for poor spelling and grammar in supposedly-official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate”.
  • Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.

Content provided by KnowBe4