January 26, 2026
What happened?
We have been notified of a recent phishing email campaign impersonating FINRA. Multiple firms have reported receiving emails that appear to be from FINRA, reference regulatory reporting requirements, and include attachments. However, these emails originate from non-FINRA domains, including “@cazepost.com,” and falsely claim to be a FINRA “email delivery service.”
In at least one email that is part of this phishing campaign, the email included “time-sensitive” attachments purportedly related to regulatory reporting and instructed the recipient to reply if they were unable to open the email attachments. As a reminder, for legitimate requests FINRA asks recipients to take action by logging on to the IARD portal—not to act directly through email.
After contacting FINRA, we also received verbal confirmation that FINRA is actively investigating these emails.
What does this mean for me?
If you or someone in your organization has received one of these phishing emails, do not click on any links or open any attachments. Do not reply to the message, delete all emails originating from the domain name referenced above, and report the email as phishing. Firms are encouraged to remain vigilant and to continue monitoring FINRA’s “Rules & Guidance” page and utilize the resources provided on FINRA’s Cybersecurity Topic Page.
