Phishing Scam Targets SEC Investors
The Securities and Exchange Commission’s (SEC) Office of Investor Education and Advocacy (OIEA) issued a warning alert earlier this month based upon a recent scam that is attempting to trick investors into confirming fraudulent transactions and/or having investors reveal their sensitive account information.
In the alert, the SEC clarified that their organization does not contact investors to confirm trades or record trade details. The impersonators have been making phone calls to investors requesting confirmation on alleged trade orders. The SEC shared an excerpt from one such phone scam attempting to coax investors into confirming fraudulent transactions:
“…I’m a senior compliance officer with the Securities and Exchange Commission…my job is to simply verify and confirm the order…so I am confirming a buy order from Mr. [name of person], who is a portfolio manager of [name of firm]…in accordance to the regulations that are set forth by the Securities and Exchange Commission on the U.S. markets, Mr. [name of investor], for the protection of both parties, what I’m going to do is record the details of the trade. It goes on file as a voice audio signature with the Securities and Exchange Commission as a regulated trade. Okay?…and it functions exactly as a fingerprint. It’s non-retractable…do I have your consent to place the order, Mr. [name of investor]?”
An audio recording of a scam impersonation is also available to listen to here.
This scam is the latest in a trend that often sees hackers and fraudsters impersonate government agencies in an attempt to solicit money and/or compromise information. During tax season, the Internal Revenue Service warned taxpayers of similar scams designed to encourage individuals to share tax-related information via email or phone.
Phishing and other social engineering schemes are designed to take advantage of humans (rather than systems) and often rely on activity from individuals who may be busy, distracted or otherwise unable to detect suspicious communications. Investors can take prudent steps to prevent falling prey to these and other schemes by employing the following information security best practices:
- Partaking in information security awareness training to become aware of common threat types and popular scam tactics;
- Enhancing due diligence processes when reading emails and answering phone calls (including verifying email addresses and domains and authenticating sender information); and
- Employing proper checks and balances internally to verify legitimacy of trades and/or fund transfers before completing transactions.
If you have been contacted by someone pretending to be from the SEC, you can submit a Complaint Form to the SEC’s Office of Inspector General (OIG) or call the OIG’s toll-free hotline at (877) 442-0854.
Material discussed in this communication is meant to provide general information and should not be acted on without obtaining professional advice tailored to you or your company’s individual and specific needs. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used by any person or entity, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. This information is for general guidance only and is not a substitute for professional advice.
The information contained herein should not be construed as personalized investment advice. Investment in securities involves the risk of loss, and past performance is no guarantee of future results. There is no guarantee that the views and opinions expressed in this document will come to pass. Historical performance results for investment indexes and/or categories generally do not reflect the deduction of transaction and/or custodial charges or the deduction of an investment-management fee, the incurrence of which would have the effect of decreasing historical performance results. There can be no assurances that your portfolio will match or outperform any particular benchmark.
Information presented was obtained from sources deemed qualified and reliable; however, MFA makes no representations as to accuracy, completeness, suitability, or validity of any information within this communication and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. Any forward-looking statements are believed to be reasonable; however, MFA gives no assurance that such expectations will prove to be correct.