The Securities and Exchange Commission is warning investors to beware of scammers impersonating government officials in phone calls and messages, marking the latest effort by fraudsters invoking the authority of the government in an effort to fleece ordinary Americans.
The alert cites misleading emails, letters, phone calls and voicemails that appear to come from the market regulating agency. The messages purport to raise concerns about suspicious activity or unauthorized transactions in people’s checking or cryptocurrency accounts.
“SEC staff do not make unsolicited communications — including phone calls, voicemail messages, or emails — asking for payments related to enforcement actions, offering to confirm trades, or seeking detailed personal and financial information,” read the SEC investor alert published Friday. “Be skeptical if you are contacted by someone claiming to be from the SEC and asking about your shareholdings, account numbers, PIN numbers, passwords or other information that may be used to access your financial accounts.”
The SEC said anyone receiving an unsolicited message or call from someone claiming to be with the SEC may call the agency’s personnel locator to determine if the person is actually from the SEC. The SEC’s alert also encouraged people to email its help@SEC.gov account or call the agency to check about the communications.
The agency focused on preventing market manipulation is not the only one facing off with scammers purporting to be from the federal government. Earlier this month, FBI officials said they had learned of a software misconfiguration that allowed a hacker to send fake emails from an “@ic.fbi.gov” email account.
“While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for [Law Enforcement Enterprise Portal] and was not part of the FBI’s corporate email service,” the Bureau said in a statement on Nov. 14. “No actor was able to access or compromise any data or [personally identifiable information] on the FBI’s network.”
The scammers’ success impersonating government officials has rankled Congress. At a House Oversight Committee hearing about criminal hackers last week, Rep. Jody Hice, Georgia Republican, questioned an FBI official over how state and local government officials should rely on FBI communications in the future if hackers can compromise the messages it sends.
“I just want to make sure we’re protecting state and local officials. How do they know what’s coming from the FBI is [accurate] if what we saw last week, this past weekend, happens again?” asked Mr. Hice.
Bryan Vorndran, assistant director in FBI’s cyber division, answered that the bureau knew specifically how the “isolated incident” occurred and believed it could prevent the same thing from happening again.
“That software application and associated hardware was taken immediately offline, so we consider the incident contained and we don’t think it’ll impact any future communications coming out of that email server,” said Mr. Vorndran.
Mr. Hice responded that he did not think Mr. Vorndran answered his question.
The problem of the fake communications potentially duping Americans is not limited to victims who are investors or state and local officials interacting with the FBI, but it could reach many more people, including those traveling for the upcoming holiday season. Cybersecurity company Abnormal said last week it observed a “:phishing” email where the scammer targeted victims hoping to renew their membership in the Transportation Security Administration’s PreCheck program for expedited security screening.
“While the email wasn’t sent from a .gov domain, the average consumer might not immediately reject it as a scam, particularly because it had the term ‘immigrationvisaforms’ in the domain,” wrote Rachelle Chouinard, Abnormal threat intelligence analyst, on the company’s blog. “The email instructed the user to renew their membership at a quasi-legitimate-looking website.”