The FCA this week issued a warning about fraudulent emails, letters and phone calls masquerading as official communications from the regulator. The warning also highlights fake FCA websites.
The warning notice from the FCA also includes valuable information on how you can avoid these scams and lists the fake email addresses and domain names currently in use by fraudsters.
Fake FCA emails
The FCA send emails from addresses ending in:
The FCA has measures in place to prevent fraudsters spoofing their email addresses. But fraudsters often use similar email addresses to make emails appear genuine.
The following are some of the fake emails from several domains that have been reported to the regulator:
- firstname.lastname@example.org, email@example.com, firstname.lastname@example.org. These email addresses do not match any FCA employees, but are actually being sent by email@example.com or firstname.lastname@example.org. The top 3 subject lines in these fake emails are, “Project Loan”, “Project Seking”, and “Project Seking Loan” (July 2022)
- @secure-fca.org.uk: potential scam email to firms using this email address (July 2022)
- @opbas.net and @opbas.uk
- email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org (this email asks to complete a survey on the FCA’s conduct rules and coronavirus)
- email@example.com (a fake email sent to firms regarding a due diligence request. This email is a clone address. Don’t open the link to the questionnaire in the email. November 2020)
- fake emails claiming to be from RegData (data collection platform) with the domains rdc-fca.com and rdc-fca.org.uk (February 2021)
- @fca.com – fake email about firm details attestations submissions. Emails are being spoofed so falsely appear to come from this address (January 2022)
It is strongly advised that you always delete suspicious emails without opening them.
Fake versions of the FCA website
Fraudsters may create copies of the FCA’s websites and change the information. They may change warnings pages, so it looks like scam firms are authorised by the regulator.
These cloned websites can be very convincing, with links and contact information copied from the FCA’s website.
You can make sure the FCA website is genuine by checking the website address that appears in the address bar at the top of the webpage. It should always begin with: www.fca.org.uk or register.fca.org.uk/s/ for the FS Register.
Be aware that some fake versions of the website will make small changes in the domain name to make them look similar (eg ‘register-fca.org.uk’ instead of the real website ‘register.fca.org.uk’).
The FCA online systems for firms have web addresses that start with:
Official FCA social media accounts
- Facebook (ScamSmart) www.facebook.com/FCAScamSmart
- LinkedIn www.linkedin.com/company/financial-conduct-authority, www.linkedin.com/showcase/transforming-culture-
- Twitter twitter.com/TheFCA, twitter.com/FCAInsight, twitter.com/FCACymru
- YouTube www.youtube.com/user/TheFCAtv
Scammers can make FCA switchboard numbers – 020 7066 1000, 0300 500 8082 and 0800 111 6768 – appear in your caller ID.
It is important to remember to not give out any personal information following an incoming call and do not call these individuals back using the contact details they have provided.
The FCA does at times call customers in connection with investigations. If you receive one of these calls and would like to check that it is from a genuine FCA employee, please contact the FCA consumer helpline.
If you would like more information on FCA scams or concerned about a communication you’ve received, contact the FCA here or call 0800 111 6768.
For more information on FCA regulations, or to ensure your business is meeting its compliance obligations, contact us here.