October 9, 2024
What happened?
We have received notice from multiple firms in receipt of phishing emails from the domain @gateway-finra.com that appear to be from a FINRA executive. The phishing campaigns are similar to past phishing campaigns FINRA has experienced, such as the campaign referenced in the Cybersecurity Alert that FINRA issued on April 4th, 2024.
In at least one email that is part of this phishing campaign, the body of the email uses an actual FINRA staff person’s name (Steve Randich, whose name has been used in previous campaigns), but the name in the actual email address is different. Recipients may be asked to open attached documents or links regarding an urgent notice. Member firms should be aware that they may receive similar phishing emails from other domain names, in addition to the one identified above.
Below is a sample of the phishing attack email:
Good morning, [ Recipient Name ],
I wanted to reach out and introduce myself.
My name is Steve Randich, Chief Information Officer, FINRA. I have been assigned to your firm to collect information.
Please note that this isn’t a compliance request, and we require the firm’s owner or CEO to provide the required information in strictest confidence.
Kindly follow the instructions in the attached document to file the request within the next 48 hours to avoid the penalty of paying a fine.
N.B.: This request can only be completed as directed in the request letter, it cannot be completed on the phone or through FINRA gateway. Kindly also note that I will not be reachable via phone call at this time as I am handling a number of other overdue requests.
Either way, please let me know if you have any questions, I would be more than happy to assist you.
Thank you,
Steve Randich
Chief Information Officer
Financial Industry Regulatory Authority (FINRA)
1700 K Street, NW
United States
(609) 418 – 9317
What does this mean for me and my firm?
If you or someone in your organization is the recipient of these types of phishing emails, do not click on any links or attachments. Delete all emails originating from the domain name referenced above or report the email as phishing. It is crucial to always verify the legitimacy of any suspicious email prior to responding, opening any attachments, or clicking on any embedded links. Firms should also monitor FINRA’s “Rules & Guidance” page.
Below are additional resources provided by FINRA:
If you have any questions about phishing attacks and how to protect your organization from these kinds of threats, Fairview Cyber can help. We provide essential cyber and data security services like phishing prevention training, network penetration testing, vendor due diligence, and more. Contact us today for more information about our services.
