FINRA’s Name Used in New Attempts to Scam Investors
FINRA's recent Investor Alert was an eery one, given that the FINRA name itself is being used by scammers to lure in unwitting investors.
The Financial Industry Regulatory Authority warned broker-dealers and retail investors alike about phishing emails that purport to be from the self-regulator.
In Regulatory Notice 20-12, FINRA pointed out fraudulent emails purporting to be from FINRA officers, including Bill Wollman and Josh Drobnyk. These emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to your firm. In at least in some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information. In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password.
FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident. The domain of “broker-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
What to Do If You Think You've Been Contacted by a Scammer
FINRA and the SEC have extensive resources for reporting and detecting potential scams. You can call them or visit their websites - their real ones! - and make inquiries. If you are given a name by the representative who has contacted you, you may also use FINRA's database, BrokerCheck, to determine whether the person is a registered member of FINRA and permitted to trade securities to the public.