NFA Sounds Alarm over Phishing Emails Impersonating Its Staff

Fake emails purporting to be from the US National Futures Association (NFA) have been sent to potential market participants, according to a regulatory statement.

The mass email scam appears to be from the source domain name “@nfa-futures.org” and request an immediate response. Like a campaign the group warned about in October, the Chicago-based regulator has alerted investors to avoid a phishing email that is requesting broker-dealers to fill out a fraudulent NFA study.

In a notice posted on its website today, the NFA said it “reminds all Members to be vigilant when it comes to email requests. All legitimate emails from NFA will come from an address ending in @nfa.futures.org, [email protected] or @nfa-swaps-proficiency-requirements.moonami.com in the case of NFA’s Swaps Proficiency Requirements. Always be sure to scrutinize the sender’s address.”

The NFA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.

Finally, the Wall Street’s futures industry watchdog has requested that the internet domain registrar suspend services for @nfa-futures.org, adding that it advised firms to delete all emails originating from this source.

Brokers Warned over Scam Emails

The National Futures Association self-regulates futures trading and is itself supervised by the US Commodity Futures Trading Commission (CFTC). Both watchdogs were given massive new responsibilities under the Dodd-Frank law, including setting requirements for how much borrowed money, or margin, the firms’ clients can use on currency trades.

Over the last few months, US regulators have repeatedly warned financial services firms of tricky new phishing campaigns that mimic a message from the nongovernmental organization.

Typically, the fraudsters use special software to make the message appear genuine. Recipients are often invited to click on a link that appears to take them to the watchdog’s website. Instead, they go to a false website that tries to steal sensitive information from those targeted, which can be used later without their knowledge to commit fraud.

Additionally, the watchdog pointed to its guidance on fake emails, websites, letters and phone calls on its website. The regulator said anyone in doubt about the authenticity of contact or receives such correspondences should contact the relevant authorities.

Furthermore, NFA urged anyone who entered their password to change it immediately and notify the appropriate individuals in their firm of the incident. Further, it has provided details on how to identify spoof emails in a dedicated section on its website.

Source: Read Full Article