The Securities and Exchange Commission (SEC) has warned investors to be vigilant of a new scam involving communications that claim to be sent from officials acting on behalf of the commission.
The commission has been made aware of several instances where people have “received phone calls or voicemail messages that appeared to be from an SEC phone number”, according to an advisory issued by the SEC's Office of Investor Education and Advocacy (OIEA).
“The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts,” warned the advisory.
The OIEA said that the calls and messages “are in no way connected to the SEC”, adding that people receiving such calls should not provide any personal information unless they have verified that they are dealing with the SEC.
The OIEA said that criminals have used the names of real SEC employees and email messages that falsely appear to be from the SEC to trick victims into transferring assets.
“Impersonation of US Government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes,” said the advisory. “Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual's identity or misappropriate their financial assets.
The SEC said it does not seek money from any person or entity as a penalty for alleged wrongdoing outside of its formal enforcement process.
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID world
"Be skeptical if you are contacted by someone claiming to be from the SEC and asking about your shareholdings, account numbers, PIN numbers, passwords, or other information that may be used to access your financial accounts,” the advisory warned.
In August, IT Pro reported that the Financial Industry Regulatory Authority (FINRA) had discovered a new phishing campaign that involves fraudulent emails using domain names pretending to be the financial regulator.
The advisory said that the fake emails used the false domains @finrar-reporting.org, @Finpro-finrar.org and @gateway2-finra.org. The domains were registered on 12 August 2021.
“None of these domain names are connected to FINRA and firms should delete all emails originating from any of these domain names,” it said in the advisory.
Earlier in June, FINRA published another advisory warning of similar phishing campaign using the domain name “@gateway-finra.org.”
