FINRA Warns Of Imposter Brokerage Websites

April 30, 2019

The proliferation of "website spoofing" has apparently spread into the FINRA member firm community, which prompted the publication of "Imposter Websites Impacting Member Firms" (FINRA Information Notice / April 29, 2019) http://www.finra.org/sites/default/files/notice_doc_file_ref/Information-Notice-042919.pdf As reported in part in FINRA's Information Notice:

[A]n imposter website typically is designed to mimic a member firm's actual website to obtain existing or potential clients' personally identifiable information (PII) or login credentials, which the website sponsors subsequently use to engage in financial fraud. Malicious parties have been targeting member firms regardless of whether those firms have an existing online presence. In some cases, they have also created email domains and accounts to correspond to the imposter websites. While this is not a new attack strategy, FINRA has observed that the frequency of such attacks on broker-dealers may be increasing.

As noted in the FINRA Information Notice, imposter websites are not new. For many years, spoof websites have appeared in forms that use a similar URL to one already used by the targeted site; for example, www.MerilLynch rather than www.MerrillLynch. Variants on that theme include the use of shadow or cloaked versions of the targeted site. For an excellent primer on the most popular forms of website spoofing and how to detect them, watch:


In attempting to offer its member firms some guidance on how to detect attempts to spoof their sites, the FINRA Information Notice offers the following actions that can be taken to deactivate the imposter sites [Ed: footnote omitted]:
  • Report the attack to local law enforcement, the nearest Federal Bureau of Investigation (FBI) field office or the Bureau's Internet Crime Complaint Center, and the relevant state's Attorney General via their websites or, if possible, a phone call.
  • Run a "WHOis" search (www.whois.net) on the site to determine the hosting provider and domain name registrar associated with the imposter website (which may be the same organization in some instances). In some cases, this site also provides relevant contact information. 
  • Submit an abuse report to the hosting provider or the domain registrar asking them to take down the imposter website. Keep the pressure on these providers with repeated calls or emails, or, if necessary, seek the assistance of an attorney, cybersecurity specialist or consultant. 
  • Seek the assistance of a cybersecurity specialist attorney or consultant who deals with this type of fraud as they may have some law enforcement or hosting provider contacts or potential legal or other steps not outlined above.
  • Notify the U.S. Securities and Exchange Commission (SEC), FINRA or other securities or financial regulators. 
  • Consider posting an alert on your website and sending email notifications to warn clients of the imposter website(s) and the associated URL(s). Report the attack to local law enforcement, the nearest Federal Bureau of Investigation (FBI) field office or the Bureau's Internet Crime Complaint Center, and the relevant 
Bill Singer's Comment

First and foremost, compliments to FINRA for issuing a timely and useful notice. As the FINRA Information Notice warns, the frequency of website attacks targeting the FINRA member community appears on the upswing. I know from my own conversations with clients and colleagues that there is increased activity. Oddly, just before I authored this article, I attempted to log onto an industry consultant's website and found it had been hijacked to promote a pill mill. 

The only critique I would offer FINRA is that it should have created an online video similar to the one that I used above and embedded that into the FINRA Information Notice. FINRA has a penchant for producing and posting a lot of crappy videos -- many of which are self-promotional and boring. Here was a perfect opportunity to produce a useful video about a pernicious threat to the industry. FINRA should better utilize its video capabilities to educate its members, their associated person, and industry customers.