ScamsSep 8 2020

Advisers warned of fake FCA Covid survey

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Advisers warned of fake FCA Covid survey

Advisers have been warned of a scam email purporting to be from the regulator, asking them to complete a survey on its conduct rules and the effect coronavirus is having on their business.

The email, which circulated last week, was sent from fcaimpact4@fcanewsletter.org.uk but according to the Financial Conduct Authority the email may also come from fcaimpact1, fcaimpact2 and fcaimpact3.

It mimics the genuine coronavirus survey sent to advisers by the FCA in June, which attempted to assess the industry's financial wellbeing in light of the pandemic.

The email requests firms to fill in an attached survey and part with personal information.

It says: "The FCA is seeking to further understand the effect the Covid-19 recession is having on the finances of the firms we regulate and better guide our supervisory actions and conduct rules.

“We require you to complete the attached survey in full (under section 165 of the Financial Services & Markets Act (FSMA) 2000) by close of business, Friday 4 September 2020.

"This survey is designed so that it is quick and simple to complete. Please ensure that you complete the questions where the relevant information is available.

“We do not intend to publish this survey or its outcomes on our website, due to its dynamic and confidential nature targeting different sections of the firms we regulate.

“If you have any questions when completing the survey, please reply to this email for immediate assistance."

Ricky Chan, director and chartered financial planner at IFS Wealth & Pensions, said it was “very worrying” to see scam e-mails increasingly targeting advisory firms.

Mr Chan said: “They are also looking more authentic with fewer errors, such as grammatical ones. 

“It’s easy to unwittingly think that as it's sent from a regulatory authority like FCA, one can assume credibility when they see the logo and domain name in the e-mail. 

“Obviously advisory firms need to be vigilant when communicating by e-mail but it only takes one mistake to get caught out.”

He added: “I think the FCA needs to do more to prevent firms becoming victims of cyber-crime, such as adopting secure messaging (with 2-factor authentication) to mitigate these risks going forward. 

“I’m not an IT expert, but I feel that this could be added to either the FCA Connect system or FCA Gabriel reporting system as firms are already registered there.”

Tim Morris, independent financial adviser at Russell & Co, said the increase in scams of this type was what made the firm stop using email to send secure or personal data to clients 

He said: “We use a secure messaging system instead.

“For me, sending secure information by email is similar to leaving your laptop unlocked in a public place or even leaving your front door open when you leave home. You are leaving private information on display and at risk.”

The FCA has also warned about emails circulating from the domain @gabriel-FCA.org.uk and aml@opbas.net.

Back in May, advisers were targeted by scammers using the email address connect12@gabriel-fca.org.uk, in which they were asked to fill in a questionnaire, which included a profile section with their personal details.

The FCA pointed to its guidance on fake emails, websites, letters and phone calls on its website.

This states: “The scammers may contact you by email, post or a phone call and claim to be from the FCA or use the name of an employee, to give the impression that the communication is genuine.

“We send emails from addresses ending in @fca.org.uk and @fcanewsletters.org.uk, but be aware that fraudsters can ‘clone’ these email addresses to make their emails seem genuine.”

In July, the regulator warned of a fake website which attempted to reproduce is register and webpage under the domain www.thefca.net.

This website has now been shut down.

The fake website used the same colouring as the legitimate FCA site and even included links to consultation and policy papers.

The FCA stated: “Fraudsters may create copies of our websites and modify some of the information on them. They may change our warnings pages for example so it appears that scam firms are authorised by us when they are not. These cloned websites can be very convincing with links that work and contact us information.

“You can check whether our website is genuine by checking the web address (domain name or URL), which appears in the address bar at the top of the webpage. It should always begin with: www.fca.org.uk or register.fca.org.uk”.

amy.austin@ft.com

What do you think about the issues raised by this story? Email us on fa.letters@ft.com to let us know.