RIAs targeted by phishing campaign impersonating SEC

The Securities and Exchange Commission (SEC) is asking RIAs to report an ongoing phishing campaign involving fraudulent emails claiming to be from the agency’s chief information officer.
The phishing emails that RIAs have received this week contain the name of SEC chief information officer David Bottom, as well as the address of the SEC’s Washington, D.C., headquarters in the signature. According to a copy of the emails shared by compliance consultancy ACA Group, the emails ask advisors to reply and confirm their email addresses.
‘As part of our ongoing efforts to ensure the confidentiality and security of sensitive information, we are reaching out to confirm your preference for secure communication,’ reads a copy of one of the fraudulent emails. ‘I have been directed to send instructions regarding a request from The U.S. Securities and Exchange Commission. Before proceeding I would like to confirm if this is the best email address to use for sending these instructions securely.’
The messages, which vary somewhat in wording, are a common form of ‘pretexting’, in which scammers verify active contacts to build trust for future interactions, according to an alert shared by ACA. The sender’s email address includes ‘virumail.com’, which is not a secure or legitimate file transfer service used by the SEC.
‘We are sending out communications to our clients that advisors should remain on high alert. Reminding them not to click links, open attachments, or reply to suspicious messages,’ said Cynthia Kelly, managing director of compliance at STP Investment Services. ‘This incident reinforces the need for strong cybersecurity training, phishing simulations, and vulnerability assessments to protect firm data and client trust.’
Read what Cynthia and others had to say in Citywire RIA here.