Changeflow GovPing Securities & Investments FINRA Warns of Fraudulent Phishing Emails Purpo...
Routine Notice Added Final

FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA

Favicon for www.sos.ms.gov MS Securities Regulator
Published
Detected
Email

Summary

FINRA issued Regulatory Notice 20-12 warning member firms of a widespread, ongoing phishing campaign involving fraudulent emails purporting to be from FINRA officers including Bill Wollman and Josh Drobnyk. The emails use the domain '@broker-finra.org' which is not connected to FINRA. FINRA has requested suspension of the malicious domain and recommends deleting emails from this source and verifying the legitimacy of any suspicious emails before responding, opening attachments, or clicking links.

Published by FINRA on finra.org . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

FINRA issued a warning about a phishing campaign impersonating FINRA officials using the unauthorized domain 'broker-finra.org'. The fraudulent emails request immediate attention to attachments or direct users to websites prompting Microsoft Office or SharePoint password entry. FINRA has requested domain registrar suspension of the malicious domain.

FINRA member firms should remain vigilant for similar phishing attempts, verify the legitimacy of any communications claiming to be from FINRA, and follow firm cybersecurity protocols. Any recipient who entered credentials should immediately change passwords and notify appropriate internal personnel of the potential security incident.

What to do next

  1. Delete all emails originating from the broker-finra.org domain
  2. Verify the legitimacy of any suspicious email before responding, opening attachments, or clicking embedded links
  3. If you entered your password, change it immediately and notify appropriate individuals in your firm

Archived snapshot

Apr 16, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Regulatory Notice 20-12

FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA

Published Date:

May 04, 2020

Notice Comments

Summary

FINRA warns member firms of a widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers, including Bill Wollman and Josh Drobnyk (see Attachment A). These emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to your firm. In at least in some cases, the emails do not actually include the attachment, in which case they may be attempting to gain the recipient’s trust so that a follow-up email can be sent with an infected attachment or link, or a request for confidential firm information. In other cases, what appears to be an attached PDF file may direct the user to a website which prompts the user to enter their Microsoft Office or SharePoint password. FINRA recommends that anyone who entered their password change it immediately and notify the appropriate individuals in their firm of the incident.

The domain of “broker-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name. In addition, FINRA has requested that the Internet domain registrar suspend services for "broker-finra.org".

FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.

Questions regarding this Notice should be directed to Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by ;).

Attachment A – Sample Phishing Email

Subject: Action Required: FINRA Broker Notice for Firm Name

Dear __,

I hope you are well and keeping safe.

I have been asked to send the attached document for [Firm Name ] to you. They require immediate attention.

This is important and needs to be attended to before the end of this week.

Please let me know if you have any questions.

Kind regards,

Bill Wollman

Vice President, Head of Office of Financial and Operational Risk Policy

Related changes

Favicon for www.sos.ms.gov Phishing Campaign Alert Using gateway-finra.org Domain
Priority review Apr 16, 2026 MS Securities Regulator Securities & Investments
Favicon for insurance.delaware.gov Producers and Adjusters Bulletin No. 41 - NIPR Phishing Email Warning
Routine Apr 16, 2026 DE Insurance Bulletins Insurance
Favicon for asc.alabama.gov Alabama Stablecoin Legislation Signed by Governor Ivey
Priority review Apr 16, 2026 AL Securities Commission Press Room Securities Regulation

Get daily alerts for MS Securities Regulator

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.sos.ms.gov
MS Securities Regulator sos.ms.gov/securities
Securities & Investments

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from FINRA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
FINRA
Published
May 4th, 2020
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
Regulatory Notice 20-12

Who this affects

Applies to
Broker-dealers
Industry sector
5231 Securities & Investments
Activity scope
Phishing threat response Cybersecurity warning Email security
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Securities

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 330 Consumer Protection 61 Courts & Legal 361 Data Privacy & Cybersecurity 77 Defense & National Security 51 Education 24 Energy 100 Environment 86 Environmental & Energy 26 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 278 Government Operations 107 Healthcare 142 Healthcare & Life Sciences 63 Housing 16 Immigration 8 Immigration & Border Control 2 Insurance 66 Labor & Employment 120 Legal & Judicial 26 Pharma & Drug Safety 101 Pharma & Healthcare 1 Public Health 2 Real Estate & Housing 37 Sanctions & Export Controls 1 Securities & Investments 27 Securities & Markets 103 Securities Regulation 6 Tax 65 Tax & Revenue 9 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 77

Get alerts for this source

We'll email you when MS Securities Regulator publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!