June 30, 2025
What happened?
Multiple reports indicate an active phishing operation targeting Registered Investment Advisers with fraudulent emails impersonating official SEC communications. These messages may appear to be sent from David Bottom, the current Chief Information Officer of the SEC, but use a spoofed domain. Look out for the phrase “virumail.com” following “sec.gov” in the sender’s email address. Virumail.com is a known phishing platform.
The messages ask the recipient to confirm their email address. This call-to-action is a classic technique used to locate active addresses and give the scammer a pretext for future communications. A harmless initial communication builds trust, and later communications would likely include malware or direct the recipient to a harmful website.
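The sender-address check described above can be automated for mail triage. The following Python script is an added example, not code from the original post or from the SEC: it parses a From: header, separates the display name from the real address, and flags addresses whose registrable domain is not sec.gov even though “sec.gov” appears in the address or display name. The sample headers are constructed for illustration and are not real messages from the campaign.

```python
"""Flag sender addresses that impersonate a trusted domain.

Added example for this advisory; not part of the original post. The sample
headers below are constructed for illustration, and the expected legitimate
domain (sec.gov) is the one the advisory names.
"""
from email.utils import parseaddr

TRUSTED_DOMAIN = "sec.gov"


def sender_parts(from_header: str) -> tuple[str, str]:
    """Return (display_name, domain) for a From: header, both lower-cased.

    parseaddr separates the display name from the address, so a display
    name such as "David Bottom (SEC)" cannot hide the real domain.
    Returns an empty domain when no parseable address is present.
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name.lower(), ""
    return name.lower(), addr.rsplit("@", 1)[1].lower().strip(".")


def registrable_domain(domain: str) -> str:
    """Collapse a host name to its last two labels.

    Good enough for .gov; multi-part suffixes such as co.uk would need the
    Public Suffix List.
    """
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def classify_sender(from_header: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Classify a From: header relative to the trusted domain.

    "legitimate": the registrable domain is exactly the trusted domain.
    "lookalike":  the trusted domain appears in the sender domain or display
                  name, but the registrable domain is something else (the
                  pattern this advisory describes, e.g. sec.gov.<other-domain>).
    "other":      an unrelated domain, or no parseable address.
    """
    name, domain = sender_parts(from_header)
    if not domain:
        return "other"
    if registrable_domain(domain) == trusted:
        return "legitimate"
    if trusted in domain or trusted in name:
        return "lookalike"
    return "other"


# Constructed sample headers (not real messages from the campaign).
SAMPLE_HEADERS = [
    "David Bottom <d.bottom@sec.gov>",
    "David Bottom <d.bottom@sec.gov.virumail.com>",
    '"d.bottom@sec.gov" <noreply@virumail.com>',
    "Helpdesk <it@example-advisers.com>",
]


def triage(headers=SAMPLE_HEADERS):
    """Return a list of (header, verdict) pairs for a batch of From: headers."""
    return [(h, classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict in triage():
        print(f"{verdict:10s} {header}")
```

The check is deliberately conservative: anything that mentions the trusted domain without actually being sent from it is reported as a lookalike for a human to review, including the display-name trick where the legitimate address is shown as the name and the real address points elsewhere.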
What does this mean for me?
Let your team know about this active phishing campaign immediately. Now might also be a good time to send simulated phishing emails to test your team and keep them vigilant.
Heed the SEC’s advice for suspicious communications: If you receive a communication that appears to be from the SEC, do not provide any personal information unless you have verified that you are dealing with the SEC. The SEC does not seek money from any person or entity as a penalty or disgorgement for alleged wrongdoing outside of its formal Enforcement process.
If you need assistance training your team on phishing and cybersecurity, please contact us here.