Beware of Auction Rate Securities Settlement "Phishing" Scam

FINRA is issuing this Alert to warn the public about an auction rate securities (ARS) “phishing” scam that promises compensation from ARS settlements in exchange for personal information. The email looks like it originated from FINRA—although it did not. It purports to inform the recipient of regulatory actions, including fines imposed by FINRA related to ARS, and states that the recipient is due $1.5 million regardless of the amount of their ARS investment or loss. The email then “phishes” for personal information including occupation, address and phone number.

 

Real Life Example

 

Here is a version of the ARS phishing email obtained by FINRA:

 

 

ARS Phishing Email

 

 

Settlement Procedures Related to Auction Rate Securities

 

FINRA—along with the Securities and Exchange Commission and state securities regulators—announced final settlements with numerous brokerage firms relating to the sale of ARS. Contrary to the “phishing” email, FINRA does not contact investors directly to advise them of the settlements or settlement procedures.

 

Instead, firms that enter into settlements with FINRA typically send eligible investors offers to repurchase ARS that the firm sold to them. This buyback offer generally takes the form of a physical letter, not an email.

 

For information related to regulatory actions and procedures for investors involved in auction rate securities regulatory settlements, see FINRA’s Auction Rate Securities information. In addition, the SEC has published ARS information, including a list of toll free numbers that investors may call if they have settlement inquiries.

 

"Phishing"—Fraudulent Emails That Steal Your Personal Information

 

This "phishing" fraud is the latest in a long line of online scams that typically claim to be from a brokerage firm, bank, credit card company, government agency or other service you use or organization you trust. To appear genuine, these emails may use:
 

  • The names of real people.
  • Legitimate looking email addresses, such as "support@[name of your financial institution].com".
  • Authentic looking logos and graphics.
  • Links to pages of a bona fide website or information pulled directly from an organization’s website.
  • Official looking fine print and references to laws.

 

Most of these emails attempt to lure you into providing sensitive personal information by requesting that you provide it in a reply email or by clicking on a link to a website that mimics a legitimate website and asks you to provide the information. Various "urgent" messages are also used to coax you to provide information. In the email above, recipients were admonished: "Please do not delay as there are so many people to share from this settlement."

 

How to Protect Yourself

 

What should you do if you receive a "phishing" email? Do not respond. And do not click through to any links that might be provided in the email. If you receive a "phishing" email related to an ARS settlement, you are encouraged to notify FINRA by forwarding the email to FINRA’s Office of the Whistleblower at whistleblower@finra.org. You may also call the Whistleblower’s Office at 1-866-96-FINRA (1-866-963-4672).

For additional information about "phishing" scams, including tips to protect yourself from online identity theft, see FINRA’s Investor Alert, "Phishing" and Other Online Identity Theft Scams: Don't Take the Bait.

 

Resources

 

To receive the latest Investor Alerts and other important investor information sign up for Investor News.

Last Updated: 12/29/2009