The European Securities and Markets Authority has warned investors after fraudulent emails purporting to be from the regulator were sent out.
The regulator said that its logo and names of members of staff were used in messages to investors who had previously lost money in similar scams. It is not known if any of these were private funds investors.
The regulator confirmed that all such communications were “entirely false” and set out a four-step plan to protect against the problem, including checking an email’s legitimacy, informing managers of suspicious emails, contacting ESMA and contacting the police.
ESMA also noted that legitimate communications would come from its Paris address. It added that it does not have affiliates or branch offices elsewhere, and advised recipients to check that any phone number to call listed in the emails was genuine.
Phishing is one of the most common cyber-attack tactics. Criminals generally email targets impersonating a business to trick them into giving out personal information or money. Almost one-third of phishing emails are opened, according to data from education provider cybertraining 365.
Cybersecurity remains high on national regulators’ watch lists. The US Securities and Exchange Commission considered it a top exam priority in January, while the G7 is expected to roll out standardized cybersecurity guidance for the financial services industry in October.
The non-binding strategy will include developing tailored cybersecurity protocols for specific risks, implementing governance infrastructure to enforce requirements at national and firm level and introducing cybersecurity exams in countries that currently lack them.