The Securities and Exchange Commission (SEC) has warned of a new multi-channel phishing campaign designed to elicit personal and financial information from victims.
An investor alert from the regulator revealed that several people have come forward claiming to have received phone calls or voicemail messages from purported SEC staff.
The scammers apparently raised concerns about suspicious activity on the recipients' checking or cryptocurrency accounts in a bid to trick them into handing over more sensitive info — a classic phishing tactic.
“These phone calls and voicemail messages are in no way connected to the SEC. If you receive a communication that appears to be from the SEC, do not provide any personal information unless you have verified that you are dealing with the SEC,” the regulator urged.
“The SEC does not seek money from any person or entity as a penalty or disgorgement for alleged wrongdoing outside of its formal enforcement process.”
The SEC extended the warning to any form of unsolicited communication, including emails and letters, claiming it will never ask for payments related to enforcement actions, offer to confirm trades, or seek detailed personal and financial information.
Nor will SEC staff ask for details on shareholdings, account numbers, PINs, passwords, or other information, it clarified.
Scammers appear to be using an expanding array of tactics to increase their chances of success.
“Con artists have used the names of real SEC employees and email messages that falsely appear to be from the SEC to trick victims into sending the fraudsters money. Impersonation of US government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes,” it continued.
“Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual’s identity or misappropriate their financial assets.”