Now, come, you didn’t really believe that a financial regulator would steal our personal data and money, did you? But before you click away, stay with us for a little longer and continue reading because there is an interesting story behind the flashy headline.
It’s the story about what fraudsters do to steal personal data and take advantage of the gullibility of financial professionals. It highlights the need of constant vigilance in the digital age, proper staff education about cyber risks and why it doesn’t need sophisticated hacks to breach cyber security defenses.
It started with an announcement from European Securities and Markets Authority (ESMA) from 12th April. In its statement the financial regulator says that it “has been informed that an individual operating under the name “Edward Stewart” has used ESMA’s identity and logo. This individual is presenting himself as an employee of ESMA conducting investigations in order to steal personal data and convince the potential victims to transfer money.”
How did the perpetrator go about it though? Apparently, you would receive an e-mail, in which the fraudster(s) poses as an ESMA investigator and claims to conduct an investigation.
ESMA gives a number of examples that the fraudster uses:
EXAMPLE: “My name is Edward Stewart, the one you spoke to yesterday over the phone. This is about the in depth investigation that we are conducting. Our investigation started off 2 Years and 3 Months ago…”
He asks for personal data:
EXAMPLE: “Now if you can provide us any proof such as receipts, or declaration of deposits…”
He signs off as an employee of ESMA, using a fabricated ESMA e-mail signature:
EXAMPLE: “Sincerely yours,
Contact Number +33975181294
Investors Protection and Intermediaries
Standing Committee Department”
It its statement the regulator informs the public that it has already lodged a complaint before the French police regarding this matter though that doesn’t sound very promising for anyone concerned if you know how many fake emails are circulating (Just take a look into your spam folder for some examples).
ESMA gives some advice as to how to protect yourself against these unauthorised communications:
– check whether the e-mail received is genuine;
– inform your superior in case of suspicious e-mails;
– contact ESMA if any suspicion arises; and
– contact the police.
ESMA also outlines different ways how criminals create an impression to lure their victims into a trap, namely by using ESMA’s name, logo or the name of an ESMA staff member, a bogus website which appears to be that of ESMA, and/or make bogus references to people said to work in ESMA.
It isn’t a single case that someone uses the might and reputation of financial regulators to lure people into a trap though. FINRA, the independent U.S. self-regulatory body, issued a statement in February warning investors to beware of financial scams in which con artists are posing as regulators to make fraudulent investment pitches.
It shows that criminals are exploring all avenues and thanks to digital tools it sometimes seems easier than ever to make a quick buck. And they don’t even seem to be afraid to take on the authorities themselves. What times do we live in…