Advisers have been warned of a scam email purporting to be from the regulator, asking them to complete a survey on its conduct rules and the effect coronavirus is having on their business.
The email, which circulated last week, was sent from firstname.lastname@example.org but according to the Financial Conduct Authority the email may also come from fcaimpact1, fcaimpact2 and fcaimpact3.
It mimics the genuine coronavirus survey sent to advisers by the FCA in June, which attempted to assess the industry's financial wellbeing in light of the pandemic.
The email requests firms to fill in an attached survey and part with personal information.
It says: "The FCA is seeking to further understand the effect the Covid-19 recession is having on the finances of the firms we regulate and better guide our supervisory actions and conduct rules.
“We require you to complete the attached survey in full (under section 165 of the Financial Services & Markets Act (FSMA) 2000) by close of business, Friday 4 September 2020.
"This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available.
“We do not intend to publish this survey or its outcomes on our website, due to its dynamic and confidential nature targeting different sections of the firms we regulate.
“If you have any questions when completing the survey, please reply to this email for immediate assistance."
Ricky Chan, director and chartered financial planner at IFS Wealth & Pensions, said it was “very worrying” to see scam e-mails increasingly targeting advisory firms.
Mr Chan said: “They are also looking more authentic with fewer errors, such as grammatical ones.
“It’s easy to unwittingly think that as it's sent from a regulatory authority like FCA, one can assume credibility when they see the logo and domain name in the e-mail.
“Obviously advisory firms need to be vigilant when communicating by e-mail but it only takes one mistake to get caught out.”
He added: “I think the FCA needs to do more to prevent firms becoming victims of cyber-crime, such as adopting secure messaging (with 2-factor authentication) to mitigate these risks going forward.
“I’m not an IT expert, but I feel that this could be added to either the FCA Connect system or FCA Gabriel reporting system as firms are already registered there.”
Tim Morris, independent financial adviser at Russell & Co, said the increase in scams of this type was what made the firm stop using email to send secure or personal data to clients
He said: “We use a secure messaging system instead.
“For me, sending secure information by email is similar to leaving your laptop unlocked in a public place or even leaving your front door open when you leave home. You are leaving private information on display and at risk.”
The FCA has also warned about emails circulating from the domain @gabriel-FCA.org.uk and email@example.com.