FINRA Warns on a Phishing Email Campaign Using Imposter Domain Names

by Felipe Erazo
  • At least three domains were detected by the regulator which already requested the domain registrar to suspend them.
FINRA Warns on a Phishing Email Campaign Using Imposter Domain Names
Finance Magnates
Join our Telegram channel

The Financial Industry Regulatory Authority (FINRA) issued a warning on Friday about an ongoing phishing email campaign that uses imposter regulator’s domain names. According to the advisory, the fraudulent emails use the following domains: @finrar-reporting.org, @Finpro-finrar.org and @gateway2-finra.org.

The regulator stated that the emails ask recipients to click on a link under the phrase 'view request' and then calling the people to fulfil the information to 'complete' such a request. In fact, fraudsters add a note that failing to do so could attract penalties. “FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. None of these domain names are connected to FINRA, and firms should delete all emails originating from any of these domain names,” FINRA said.

Furthermore, the entity already requested the domain registrar of such imposter domains to suspend them. As of press time, there are only reports of these three domain names being used in the phishing campaign that impersonates FINRA. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding, opening any attachments, or clicking on any embedded links,” the authority added.

CySEC Also Victim of a Fake Website Impersonating Them

Another regulator but in Europe had been recently a victim of an impersonation campaign. The Cyprus Securities and Exchange Commission (CySEC) issued a warning yesterday about a fake website impersonating them and hosted in India. According to the letter, the bogus site copied all the content illegally from the original CySEC website, falsely giving the impression that it is the real watchdog.

The fake domain is cysecgov.com, while the official CySEC website is www.cysec.gov.cy. “This website is a scam and not associated with CySEC. Another distinction is that all the announcements on the website that illegally copies that of CySEC are only until October 2020. The real CySEC website has announcements up until this month, August 2021,” the financial watchdog pointed out.

The Financial Industry Regulatory Authority (FINRA) issued a warning on Friday about an ongoing phishing email campaign that uses imposter regulator’s domain names. According to the advisory, the fraudulent emails use the following domains: @finrar-reporting.org, @Finpro-finrar.org and @gateway2-finra.org.

The regulator stated that the emails ask recipients to click on a link under the phrase 'view request' and then calling the people to fulfil the information to 'complete' such a request. In fact, fraudsters add a note that failing to do so could attract penalties. “FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. None of these domain names are connected to FINRA, and firms should delete all emails originating from any of these domain names,” FINRA said.

Furthermore, the entity already requested the domain registrar of such imposter domains to suspend them. As of press time, there are only reports of these three domain names being used in the phishing campaign that impersonates FINRA. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding, opening any attachments, or clicking on any embedded links,” the authority added.

CySEC Also Victim of a Fake Website Impersonating Them

Another regulator but in Europe had been recently a victim of an impersonation campaign. The Cyprus Securities and Exchange Commission (CySEC) issued a warning yesterday about a fake website impersonating them and hosted in India. According to the letter, the bogus site copied all the content illegally from the original CySEC website, falsely giving the impression that it is the real watchdog.

The fake domain is cysecgov.com, while the official CySEC website is www.cysec.gov.cy. “This website is a scam and not associated with CySEC. Another distinction is that all the announcements on the website that illegally copies that of CySEC are only until October 2020. The real CySEC website has announcements up until this month, August 2021,” the financial watchdog pointed out.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}