The Financial Industry Regulatory Authority has warned its member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain “@invest-finra.org.”
The domain of “invest-finra.org” is not connected to FINRA, and firms should delete all emails originating from this domain name. Anyone who clicked on a link or image in the email should immediately notify the appropriate individuals in their firm of the incident, the regulator said.
In addition, FINRA has requested that the internet domain registrar suspend services for “invest-finra.org”.
FINRA said that firms should verify the legitimacy of any suspicious email prior to responding to it, opening any attachments, or clicking on any embedded links.