Phishing Scam Targets SEC Investors

The Securities and Exchange Commission’s (SEC) Office of Investor Education and Advocacy (OIEA) issued an alert earlier this month warning of a recent scam that attempts to trick investors into confirming fraudulent transactions and/or revealing their sensitive account information.

In the alert, the SEC clarified that it does not contact investors to confirm trades or record trade details. The impersonators have been calling investors to request confirmation of alleged trade orders. The SEC shared an excerpt from one such call, in which the caller attempts to coax an investor into confirming a fraudulent transaction:

“…I’m a senior compliance officer with the Securities and Exchange Commission…my job is to simply verify and confirm the order…so I am confirming a buy order from Mr. [name of person], who is a portfolio manager of [name of firm]…in accordance to the regulations that are set forth by the Securities and Exchange Commission on the U.S. markets, Mr. [name of investor], for the protection of both parties, what I’m going to do is record the details of the trade. It goes on file as a voice audio signature with the Securities and Exchange Commission as a regulated trade. Okay?...and it functions exactly as a fingerprint. It’s non-retractable…do I have your consent to place the order, Mr. [name of investor]?”

An audio recording of a scam impersonation is also available.

This scam is the latest in a trend in which hackers and fraudsters impersonate government agencies in an attempt to solicit money and/or compromise information. During tax season, the Internal Revenue Service warned taxpayers of similar scams designed to encourage individuals to share tax-related information via email or phone.

Phishing and other social engineering schemes are designed to take advantage of humans (rather than systems) and often rely on activity from individuals who may be busy, distracted or otherwise unable to detect suspicious communications. Investors can take prudent steps to avoid falling prey to these and other schemes by employing the following information security best practices:

  • Partaking in information security awareness training to become aware of common threat types and popular scam tactics;
  • Enhancing due diligence processes when reading emails and answering phone calls (including verifying email addresses and domains and authenticating sender information); and
  • Employing proper checks and balances internally to verify legitimacy of trades and/or fund transfers before completing transactions.

If you have been contacted by someone pretending to be from the SEC, you can submit a Complaint Form to the SEC’s Office of Inspector General (OIG) or call the OIG’s toll-free hotline at (877) 442-0854.