A new phishing campaign is targeting SEC-registered advisors by claiming to be from the regulator’s chief information officer.
The compliance firm ACA Group first became aware of the phishing campaign on Tuesday. Though the scope of the campaign is hard to ascertain, ACA Group revealed in an alert issued Wednesday that they’d heard from multiple clients about the scam email purporting to be from SEC CIO David Bottom.
The emails include some variations, but all include “virumail.com” following the “sec.gov” included in the sender’s email. According to ACA Group, Virumail is “commonly used in phishing attacks to spoof legitimate email addresses.” In the messages, the sender asks the recipient to reply and confirm their email address to secure future communications.
“This is a common form of ‘pretexting’ used in phishing scams to verify active contacts and build trust in future interactions,” the ACA alert read. “Since this message was benign, the recipient is more likely to interact with the next message, which will likely redirect to a harmful site, trick them into downloading malware, or result in some other harm.”
The alert includes a sample email sent to a client, with the affected firm name redacted. The group urged clients who get an email like that not to click on any links, respond to the email or download attachments and to be cautious of “alarmist” email subject lines. The group also suggested firms confirm SEC emails by “contacting a trusted SEC representative.”
“Do not use the details provided in the suspicious email—instead, refer to contact information listed on the SEC’s website or from another reliable source your firm already uses,” the alert read.
The SEC did not respond to a request for comment prior to publication.
Fraudsters impersonating regulators continue to target registered firms and advisors. Last autumn, FINRA warned reps about an ongoing phishing campaign from scammers posing as FINRA leaders. The campaign included a PDF attachment that could contain malicious content.
In the emails, the scammers claimed to be FINRA executives trying to collect information from the member firm’s owner or CEO. They often told the recipients to follow the directions included in the attached document within 48 hours to avoid penalties or fines. The scammers tried to sidestep reps’ due diligence by saying the request couldn’t be fulfilled by contacting FINRA.
Though it wasn’t clear how many firms were affected, Max Schatzow, a partner with RIA Lawyers, said several firms had contacted him with hundreds of millions in managed assets, and one firm with billions in AUM that had received phishing attempts.
Take a look at our comprehensive guide to the best and most popular information ebooks and products available today on Detoxing, Colon Cleansing, Weight Loss and Dating and Romance. They are all in one spot, easy to find and compere to make a quick selection for the product that best fits your needs or wants.
So browse through a category and make your preferred selection and come back here to read more choice articles and get a few more helpful tips on ways to help your enhancement.
As an Amazon Associate I earn from qualifying purchases. “saubiosaubiosuccess.com is a participant in third party affiliate and advertising programs; The Amazon Services LLC Associates Program, Awin network, and other affiliate advertising programs are designed to provide a means for sites to earn advertising fees and commissions by advertising and linking to products on other sites and on Amazon.com. Amazon and the Amazon logo are trademarks of Amazon.com, Inc, or its affiliates.”
We use anonymous cookies and various 3rd-party services to optimise and to offer you a better, more personalised, browsing experience with advanced accessibility enhancements.
Dismiss
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
