
Cybersecurity Alert - April 27, 2022

On April 25, FINRA issued an alert to member firms that highlighted a phishing attack using the domain name “@claims-finra.org”. This alert is to warn you about a new, potentially related, phishing attack also purporting to be from FINRA. This new attack may use the same FINRA staff person’s name as the prior attack and may look like it was sent from that staff member’s “finra.org” email address. It also may ask the recipient to click on a “View Request” button; doing so generates an email addressed to the “@claims-finra.org” domain. As stated in our prior Cyber Alert, the domain “claims-finra.org” is not connected to FINRA. Recipients of this phishing attack should NOT click on the “View Request” button and should delete all emails originating from this domain name.

A sample of the phishing attack email follows below:

Request ID: 4489319

Date Requested: 04/27/2022

FINRA Requester: FINRA staff member name

Email: recipient email address

Request for documents


Risk Monitoring Analyst Request

Due: 04/29/2022


Dear Recipient name,

Please find the request for firm name. The Secretary of State has requested that you provide a “signed” response to the request. Kindly view the request and respond with the required information As instructed in the letter, I will keep this request open until Friday 04/29/22.

FINRA staff member name
Principal Risk Monitoring Analyst
FINRA


FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.

FINRA continues to work to have the Internet domain registrar suspend services for "@claims-finra.org."
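One way a mail team could screen inbound messages for the pattern described in this alert, shown as an added example that is not FINRA's own tooling: it flags a Reply-To header or a `mailto:` link (such as the one behind a “View Request” button) that targets “claims-finra.org”. It goes slightly beyond the alert by also flagging any such target whose domain differs from the From domain; the sample message, its addresses and all function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domain named in the alert as not connected to FINRA.
BLOCKED_DOMAINS = {"claims-finra.org"}
MAILTO_RE = re.compile(r"mailto:([^\s\"'<>?]+)", re.IGNORECASE)

def domain_of(addr):
    """Return the lowercased domain of an address, or '' if there is none."""
    return parseaddr(str(addr))[1].rpartition("@")[2].lower()

def mailto_targets(msg):
    """Collect every mailto: address found in the text and HTML parts."""
    found = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            found += MAILTO_RE.findall(part.get_content())
    return found

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg.get("From", ""))
    findings = []
    # Addresses that a reply or a button click would send mail to.
    candidates = [("Reply-To", msg.get("Reply-To", ""))]
    candidates += [("mailto link", t) for t in mailto_targets(msg)]
    for kind, addr in candidates:
        dom = domain_of(addr)
        if not dom:
            continue
        if dom in BLOCKED_DOMAINS:
            findings.append(f"{kind} targets blocked domain {dom}")
        elif dom != from_domain:  # heuristic beyond the alert; expect some noise
            findings.append(f"{kind} domain {dom} differs from From domain {from_domain}")
    return findings

# Constructed sample modelled on the alert's description; not a captured message.
SAMPLE = """\
From: "FINRA Staff" <staff.member@finra.org>
To: recipient@example.com
Subject: Request for documents
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="mailto:requests@claims-finra.org?subject=Request%204489319">View Request</a>
"""
```

Calling `check_message(SAMPLE)` returns one finding for the blocked domain even though the From header shows a “finra.org” address.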

For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices - 2018.

Questions regarding this alert should be directed to NCFC’s Cyber Security Group (CSG).