- A spoofed FINRA domain that looks exactly like the original is attempting to steal member PII.
- The organization has warned the public through a notice on its website and calls on everyone to be careful.
- The group behind the fake portal has left evidence of malicious intentions on YouTube in the past.

FINRA (U.S. Financial Industry Regulatory Authority) has issued a warning notice to alert members and firms about the existence of a fake website that impersonates the real portal. The phishing website is using the domain name “www.finnra[.]org”, which has an extra “n” in the name; its operators are hoping that visitors won’t notice this admittedly small detail.
At the time of writing this piece, the imposter site is still online, featuring the same theme, posts, and content as the original. So, the creators of the fake website put some work into creating a convincing portal that looks exactly like the real thing.
Obviously, the purpose of creating the masquerading website isn’t to steal traffic and make money from ads, but to phish people’s data. More specifically, there’s a registration form on the malicious domain that requests the person’s full name, geographical address, phone number, email address, marital status, and gender.
This is a pretty typical form that shouldn’t raise suspicion, as it doesn’t ask for credit card numbers, PINs, or other details that would immediately give away the nature of the website. The actors are playing it safe, yet they still get to steal highly valuable PII from the victims.
The official instruction from FINRA is to keep an eye on the domain name and to avoid clicking on the “Register” button located at the top right. On the real site, that would be the “Log In” button. For more questions about this, FINRA advises existing or aspiring members to reach out to Dave Kelley, Director, Member Supervision Specialist Programs, by calling (816) 802-4729.
This is really straightforward, though, so all you need to do is pay attention to the domain name you have landed on. That should be a standard practice when browsing online in general. If you receive an email from a finnra[.]org domain, which is a possibility, delete it immediately. If you already registered on the spoofed website, reset whatever you can, and watch out for more incoming scam emails.
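
The domain check recommended above can be automated for links and sender addresses before a user ever sees them. The following is an added example, not code from FINRA's notice or the original article; the allowlist, the distance threshold of 2 and the sample inputs are assumptions, and comparing the trailing labels stands in for a proper Public Suffix List lookup.

```python
import re

# Assumption: allowlist of the organisation's genuine domains.
LEGITIMATE = {"finra.org"}
# Constructed sample inputs: defanged URL, sender address, genuine link, unrelated domain.
SAMPLES = ["www.finnra[.]org", "alerts@finnra.org",
           "https://www.finra.org/rules-guidance", "us-govt.com"]

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent swap such as "fnira" vs "finra" counts as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def normalise_host(value: str) -> str:
    """Return the lowercase hostname from an email address, URL or defanged domain."""
    value = value.strip().lower().replace("[.]", ".")
    value = value.rsplit("@", 1)[-1]                      # sender address -> domain
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)   # drop URL scheme
    return re.split(r"[/:?#]", value, maxsplit=1)[0].rstrip(".")

def classify(value: str, max_distance: int = 2) -> str:
    """Label a host as 'legitimate', 'lookalike' or 'unrelated'."""
    host = normalise_host(value)
    if any(host == d or host.endswith("." + d) for d in LEGITIMATE):
        return "legitimate"
    labels = host.split(".")
    for legit in LEGITIMATE:
        # Compare only as many trailing labels as the genuine domain has,
        # so "www.finnra.org" is measured as "finnra.org".
        candidate = ".".join(labels[-(legit.count(".") + 1):])
        if 0 < edit_distance(candidate, legit) <= max_distance:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {classify(sample)}")
```

A small threshold keeps false positives down for short names; a "lookalike" verdict is a reason to quarantine and review, not proof of malice.
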
Bleeping Computer investigated the domain name and found that it’s related to “x32team.website”. The group behind that domain is the same one that uploaded a video tutorial to YouTube on how to create malicious documents.
Also, the same IP address is hosting the “us-govt.com” domain, which looks genuinely phishy too. That said, if you’ve had any doubts about the real intention and motives of the person(s) behind the fake FINRA domain, the above part should clear them up.