Alert for Investment Advisers: Beware of Phishing Emails Impersonating FINRA

April 05, 2024


Reading time : 2 minutes

Beware of Phishing Emails Impersonating FINRA

On Thursday, April 4, we received numerous inquiries from investment adviser firm owners and/or senior executives who had received an unexpected email supposedly from FINRA’s Chief Legal Officer or Chief Information Officer which utilized an email address ending in @ data-finra .org. In response, our Consulting Team contacted the IARD Entitlement Support Line which confirmed that these emails did not originate from FINRA.

Sample FINRA phishing email displaying white text on a black background

Example of Phishing Email Impersonating FINRA

What Can You Do?

  • Always verify the authenticity of emails purporting to be from regulatory bodies, especially those requesting sensitive information.
  • Educate your team about this specific phishing tactic and encourage them to report suspicious emails.
  • Implemenet and regularly update cybersecurity measures to protect your firm’s and clients’ information.

It is important to remain alert and cautious. If you receive an unexpected or unusual email supposedly from a regulator, do not immediately respond, click on any links, or download attachments. Instead, report the incident to FINRA’s Entitlement Support Line (if IARD account related), independently verify the legitimacy of the email with the regulator and notify your IT security team and compliance and legal professionals.

Stay informed, stay secure.

Important Information

This post is for general educational purposes only and should not be considered advice to the reader. This post should not be treated as a comprehensive analysis of this topic. While we strive to ensure the accuracy and reliability of the information provided, we do not guarantee its completeness. A client relationship is not created by merely reading this post. For additional information or specific guidance, the reader should consult with his or her information security staff, compliance professional and legal counsel for advice tailored to the reader’s specific circumstances. RIA Compliance Consultants, Inc. is not an information security or cybersecurity consultant.

Posted by RCC
Labels: Cybersecurity, FINRA, Information Security
Tagged: ,