Scammers are impersonating the US Securities and Exchange Commission (SEC) with spoofed phone calls and other communications that attempt to steal money and personal information from victims.
“We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number,” the SEC said in a statement. “The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts. These phone calls and voicemail messages are in no way connected to the SEC. If you receive a communication that appears to be from the SEC, do not provide any personal information unless you have verified that you are dealing with the SEC. The SEC does not seek money from any person or entity as a penalty or disgorgement for alleged wrongdoing outside of its formal Enforcement process.”
The SEC stresses that it won’t ask for money or information via unsolicited messages.
“SEC staff do not make unsolicited communications – including phone calls, voicemail messages, or emails – asking for payments related to enforcement actions, offering to confirm trades, or seeking detailed personal and financial information,” the SEC says. “Be skeptical if you are contacted by someone claiming to be from the SEC and asking about your shareholdings, account numbers, PIN numbers, passwords, or other information that may be used to access your financial accounts. Again, never provide information to someone claiming to be from the SEC until you have verified that the person actually works for the SEC.”
The statement adds that scammers impersonate real employees at the SEC to add legitimacy to their schemes.
“Con artists have used the names of real SEC employees and email messages that falsely appear to be from the SEC to trick victims into sending the fraudsters money,” the SEC says. “Impersonation of U.S. Government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes. Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual’s identity or misappropriate their financial assets.”
New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these attacks.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
