As if firms don’t have enough on their plate these days, a new phishing campaign has surfaced that involves fraudulent emails purporting to be from FINRA officers. The emails have a source domain name “” and request immediate attention to an attachment relating to a financial firm.

The domain of is not connected to FINRA and firms should delete all emails originating from this domain name, FINRA states. Also, FINRA has requested that the internet domain registrar suspend services for

In some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information.

In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password. FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident.

This news comes on the heels of many coronavirus-related investment account scams attempting to leverage firms’ relationships and communications with investors. Some of which have included breaches of retirement plan participant accounts as of late, that have occurred with increasing frequency.

Four common scams FINRA warns to look out for are:

  • fraudulent account openings and money transfers;
  • firm imposter scams;
  • IT Help Desk scams; and
  • business email compromise schemes.

FINRA emphasizes that, while there may not be a regulatory requirement to report the incidents outlined above, the organization urges firms to protect customers and other firms by immediately reporting scams and any other potential fraud to FINRA, the SEC and/or the FBI.

For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section within FINRA’s Report on Cybersecurity Practices.