Mutual fund dealers are apparently being targeted by a new phishing scam, the Mutual Fund Dealers Association of Canada (MFDA) warned Tuesday.
In a notice to its members, the industry self-regulatory organization (SRO) says that it has received reports of dealers receiving suspicious emails from a file transfer protocol (FTP) site called “filestofriends.com” that claim to contain a file sent by the MFDA.
These messages are not legitimate, the MFDA warns, and dealers should not open the attachments or click on any links. “The email references the ‘Mutual Fund Dealers Association of Canada, February Review’ and includes a purported PDF document titled MFDA.pdf,” the notice states.
It also points to red flags in the emails indicating possible fraud, including the use of an email domain, “mfdaa.ca,” which is not legitimate, and that the messages aim to create a sense of urgency. In addition, the MFDA does not use the Files to Friends FTP service, the SRO says.
“Phishing scams are attempts at trying to obtain private personal or financial information by asking that you provide it in a reply email, by clicking on a link to a website that imitates a legitimate website or by opening an attachment. Members that receive suspicious emails from an unknown source should use caution before replying to the sender or opening any links or attachments,” the notice warns.
Phishing attacks are among the most prevalent cybersecurity issues reported by firms. In 2017, the Canadian Securities Administrators issued cybersecurity guidance, which noted that an industry review found that 43% of firms have faced these sorts of incidents.
Preparation key to mitigating cybersecurity threats: CSA
Regulators have also warned firms about efforts to impersonate regulators through email, social media and other channels, as part of identity theft scams, advance fee frauds and other schemes.