RIAs and other financial service firms have been targeted in a phishing campaign of fraudulent emails claiming to be from David Bottom, chief information officer for the Securities and Exchange Commision (SEC). Compliance consultancy ACA Group told InvesmentNews that four of its clients reported receiving the emails since Monday, June 23, and all recipients were compliance executives at financial firms.
ACA Group shared a copy of the emails, which include the SEC’s Washington, D.C., headquarters in its signature alongside Bottom’s name and title. The sender’s email address is listed as “[email protected][.]com” which ACA Group says is commonly used in phishing attacks. The emails ask advisors to reply and confirm their email addresses, according to a screenshot shared by ACA Group.
SEC-registered investment advisors were among the ACA clients to be targeted in the phishing campaign, as well as a private equity firm and hedge fund.
“What was common amongst them, at least the ones I saw because I went back and looked up ADV filings for the various firms, is they were all on the smaller side with $1 billion or less in RAUM and roughly 10 or less employees,” Aaron Pinnick, senior manager of thought leadership at ACA Group, told InvestmentNews. “That's not necessarily a representative sample of who received it, just who forward those messages to us.”
The SEC is now asking recipients of the fraudulent email to not respond and to file a complaint to the SEC’s Office of Inspector General. In a statement to InvestmentNews, an SEC spokesperson said the agency’s Office of Information Technology notified the SEC’s Division of Examinations’ Cybersecurity Program Office of the phishing campaign, and that division is now in contact with FINRA’s Cyber Unit.
“The SEC’s Office of Information Technology (OIT) is aware of an active phishing campaign involving fraudulent emails that claim to be from agency Chief Information Officer David Bottom and appear to target SEC registrants,” an SEC spokesperson said in a statement. “The messages ask the recipients to reply and confirm their email address to enable future communication. This is commonly known as “pretexting,” a social engineering technique where scammers devise a legitimate scenario and/or use an authoritative figure to gain trust and persuade recipients to divulge sensitive information.”
An SEC Investor Alert was previously issued in 2021 that details how to detect phone calls, voicemails, emails, and letters that impersonate the regulator. Pinnick explained the initial fraudulent emails impersonating Bottom “isn't really that dangerous,” but warns that responding to the email could lead to more nefarious exposure.
“What we would expect were to happen would be after you validated your email address with the supposed CIO of the SEC, which obviously wasn't that individual, but after you validated that you would receive some sort of secure file transfer link, download attachment, etc, which, when you interact with that you would get either redirected to a malicious website, download malware or ransomware or some form of malicious code,” said Pinnick.
The Illinois order refers to Brandon Ellington’s investment program as a “Ponzi-like scheme.”
But the Amazon executive chair seems to want it both ways, arguing that taxing the ultra-wealthy won't help struggling Americans.
Northern Trust planning leader sees the bill extending qualified charitable distributions to employer plans as a potential positive step — but advisors shouldn't overlook bigger holes in the strategy.
Markets will always create reasons for investors to worry. The advisor’s role is not to predict uncertainty, but to help clients understand why volatility should not derail a well-built financial plan.
Plus, Asset-Map partners with Contio to elevate the advisor meeting experience, and MyVest claims an innovation in portfolio management with separately managed models.
As technical expertise becomes increasingly commoditized, advisors who can integrate strategy, relationships, and specialized expertise into a cohesive client experience will define the next era of wealth management
Growth may get the headlines, but in my experience, longevity is earned through structure, culture, and discipline
