By David Wignall
A new phishing scam is flooding financial advisors' inboxes with fraudulent emails claiming to be from a top SEC official.
Compliance firm ACA Group first warned the public about the phishing campaign on Wednesday. Each fraudulent email claims to be from David Bottom, chief information officer at the SEC, and comes from a spoofed email address.
According to a sample of the email shared by ACA, all of the messages ask recipients to reply and confirm their email addresses. "I have been directed to send instructions regarding a request from The U.S. Securities and Exchange Commission," the message reads. "Before proceeding, I would like to confirm if this is the best email address to use for sending these instructions securely."
The request for confirmation is a form of "pretexting," a common practice in phishing scams used to identify active accounts and build trust for future communications, ACA notes. The ultimate goal of the scam is unclear, but it could result in recipients downloading malware or clicking through to a harmful website.
An SEC representative says the agency is aware of the active phishing campaign. "Recipients of the fraudulent email should not respond," the representative says.
People who are unsure whether correspondence claiming to be from the SEC is authentic can email the agency at Help@SEC.gov, the representative says. If they think they have been contacted by someone impersonating an SEC official, they can submit complaints to the SEC's Office of Inspector General (OIG) or call the agency's toll-free hotline at (833) 732-6441.
ACA first received reports of the scam on Monday, June 23, says Aaron Pinnick, a senior manager at the compliance firm. Although ACA doesn't know the scale of the phishing campaign, Pinnick says it was likely "pretty widespread, given how many people came proactively to ACA."
Individuals should proceed with caution whenever an email unexpectedly requests new information, emphasizes urgency, or asks to switch to a different communication channel, Pinnick says.
"Our industry is always going to be a target," Pinnick says. "These phishing emails can always pop up and [impersonate] the SEC or other regulatory bodies."
Cybercrime is on the rise throughout the investment industry. The SEC's Office of the Investor Advocate reported last week that in 2024 it observed a 142% increase in reports of security fraud violations compared with 2023. It also observed a 51% increase in the number of reports of impersonators targeting investors.
Write to advisor.editors@barrons.com
This content was created by Barron's, which is operated by Dow Jones & Co. Barron's is published independently from Dow Jones Newswires and The Wall Street Journal.
(END) Dow Jones Newswires
June 30, 2025 14:44 ET (18:44 GMT)
Copyright (c) 2025 Dow Jones & Company, Inc.