Representing financial professionals, financial institutions and investors in investment loss, employment and disclosure matters, and in regulatory investigations nationwide.

FINRA issues cybersecurity alert regarding phishing campaign

On Behalf of | Apr 17, 2024 | FINRA Compliance

The Financial Industry Regulatory Authority has issued a cybersecurity alert to member firms to make them aware of an ongoing phishing campaign.

FINRA said the campaign involves fraudulent emails purporting to be from FINRA executives and using the e-mail addresses “[email protected]” and “[email protected]”.  The authority said the e-mail addresses and domain “” are not connected to FINRA, and firms should delete all emails originating from these domains.

Member firms were advised to be aware that they may receive similar phishing emails from other domain names in addition to those identified in the alert.

FINRA notified firms that the emails from the domain “” state:

Attn: [Individual name],

By way of introduction, my name is Steve Randich, the Executive Vice President and Chief Information Officer, (OR Robert L.D. Colby, the Chief Legal Officer), Financial Industry Regulatory Authority (FINRA). FINRA regulatory department has made multiple attempts to contact you to deliver a notice that requires your attention.

I’m reaching out due to the importance of this notice. It is disclosed below, kindly follow the information in the letter and complete the request at your earliest convenience.

Please let me know if you have any questions or concerns.

Steve (OR Robert)

FINRA Request

Period: February 2024
Type: Confidential
Published Date: 15th March 2024
Due Date: 15th April 2024
File: FINRA_ [FIRM NAME] _Disclosure290124.pdf
Size: 342kb

Steve Randich
Chief Information Officer
Financial Industry Regulatory Authority (FINRA)
1700 K Street, NW
Washington, DC 20006

Firms were reminded to verify the legitimacy of any suspicious email before responding to it, opening any attachments or clicking on any embedded links. FINRA said it has requested that the Internet domain registrars suspend services for “”.

Firms were advised to report any phishing incidents to a local FBI Field Office, the FBI Internet Crime Complaint Center at or CISA via CISA’s 24/7 Operations Center ([email protected] or 888-282-0870).

Those with further questions about the alert or cybersecurity topics were asked to contact the FINRA Cyber and Analytics Unit.

The attorneys at Lewitas Hyman fully understand the regulatory scrutiny financial professionals and their firms face from the various regulators that oversee the financial services industry. We have decades of experience representing clients with respect to examinations, investigations and enforcement proceedings initiated by the SEC, FINRA, state securities regulatory agencies and other self-regulatory organizations. If your firm is facing an investigation from a regulatory agency, please contact Lewitas Hyman at (888) 655 6002 or through our online contact form.