RIAs and other financial service firms have been targeted in a phishing campaign of fraudulent emails claiming to be from David Bottom, chief information officer for the Securities and Exchange Commision (SEC). Compliance consultancy ACA Group told InvesmentNews that four of its clients reported receiving the emails since Monday, June 23, and all recipients were compliance executives at financial firms.
ACA Group shared a copy of the emails, which include the SEC’s Washington, D.C., headquarters in its signature alongside Bottom’s name and title. The sender’s email address is listed as “[email protected][.]com” which ACA Group says is commonly used in phishing attacks. The emails ask advisors to reply and confirm their email addresses, according to a screenshot shared by ACA Group.
SEC-registered investment advisors were among the ACA clients to be targeted in the phishing campaign, as well as a private equity firm and hedge fund.
“What was common amongst them, at least the ones I saw because I went back and looked up ADV filings for the various firms, is they were all on the smaller side with $1 billion or less in RAUM and roughly 10 or less employees,” Aaron Pinnick, senior manager of thought leadership at ACA Group, told InvestmentNews. “That's not necessarily a representative sample of who received it, just who forward those messages to us.”
The SEC is now asking recipients of the fraudulent email to not respond and to file a complaint to the SEC’s Office of Inspector General. In a statement to InvestmentNews, an SEC spokesperson said the agency’s Office of Information Technology notified the SEC’s Division of Examinations’ Cybersecurity Program Office of the phishing campaign, and that division is now in contact with FINRA’s Cyber Unit.
“The SEC’s Office of Information Technology (OIT) is aware of an active phishing campaign involving fraudulent emails that claim to be from agency Chief Information Officer David Bottom and appear to target SEC registrants,” an SEC spokesperson said in a statement. “The messages ask the recipients to reply and confirm their email address to enable future communication. This is commonly known as “pretexting,” a social engineering technique where scammers devise a legitimate scenario and/or use an authoritative figure to gain trust and persuade recipients to divulge sensitive information.”
An SEC Investor Alert was previously issued in 2021 that details how to detect phone calls, voicemails, emails, and letters that impersonate the regulator. Pinnick explained the initial fraudulent emails impersonating Bottom “isn't really that dangerous,” but warns that responding to the email could lead to more nefarious exposure.
“What we would expect were to happen would be after you validated your email address with the supposed CIO of the SEC, which obviously wasn't that individual, but after you validated that you would receive some sort of secure file transfer link, download attachment, etc, which, when you interact with that you would get either redirected to a malicious website, download malware or ransomware or some form of malicious code,” said Pinnick.
A $141M judgment and a federal asset freeze collide over one shrinking pool
The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.
Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.
CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.
The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.
Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income
Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.