Email from the CSA or IIROC? It might be a scam

Fraudsters are using emails that appear to come from financial services regulators to gain access to accounts

Email from the CSA or IIROC? It might be a scam
Steve Randall

Advisors and their clients are being urged to be cautious if they receive an email that looks like it’s from one of Canada’s financial regulators.

The Canadian Securities Administrators (CSA) says that it is aware of emails that appear to come from its domain, along with others using fake IIROC and MFDA addresses.

The warning comes just weeks after the CSA warned of emails that seem to be sent by well known financial services firms and include electronic brochures or other marketing materials, but link to fake websites that, while appearing professional, are ‘phishing’ for information.

The CSA says it is monitoring its systems for unusual activity as a result of reports of fake emails that are attempting to gain access to personal or confidential business information.

A recent global report from UK-based online security firm Callsign found that consumers say they trust genuine organizations less once they have received a scam email impersonating their brand name.

Financial services account for almost 6 in 10 of the scam emails received by respondents, some of whom are sent up to three every day. A TransUnion study has found that fake emails originating in Canada have surged in 2021.

“Fraud hides in volume and the rapid migration of the global population online in the last 18 months has led to the industrialization of scams. The consequence is fraudsters are using the same channels we’re using to authenticate genuine consumers, and this is harming organizations’ reputations with the decrease of trust in their brands,” explained Stuart Dobbie, SVP, Innovation, Callsign.

It isn’t just email that are a prolific source of scams with consumers reporting that they receive fake SMS messages and just 5% believing that this is a safe form of communication from a bank or other financial firm.

Is it suspicious?

The CSA strongly urges anyone receiving an e-mail from the CSA, IIROC or MFDA to verify:

  1. Is the message from a real CSA, IIROC or MFDA e-mail address?
  2. Is the message from someone you know who works at one of these organizations?
  3. Were you expecting this e-mail?

If you do receive a suspicious e-mail claiming to be from the CSA, the organization asks that you contact [email protected].

The CSA recommends that recipients of such e-mails immediately change all their e-mail and login passwords.