Austria regulator warns of fraudsters using fake FMA addresses
Austria’s financial regulator FMA has issued a warning about fraudulent activities, in which faked FMA email addresses and FMA web domains are being used, in particular for CEO Fraud.
The FMA warns that, in light of the particular challenges presented by the COVID-19 crisis and the associated increase in uncertainty in many facets of life, a significant increase in fraudulent activities has been observed. The fraudsters are apparently not afraid to use fake FMA Internet domains or faked FMA e-mail addresses in claiming to represent the FMA.
Fraudsters are also increasingly exploiting the particular challenges that teleworking presents for company employees, deceiving them with falsified e-mails from their superiors, especially from members of the top management, into conducting transfers while circumventing the usually applicable internal control standards.
There is frequently a request for “strict confidentiality”, with communications to be restricted to e-mails among the circle of addressees listed in the e-mail (using the falsified e-mail addresses). In addition, falsified information and letters from renowned law firms are frequently used, and/or references are made to supervisory authorities like the FMA, including faked links and e-mail addresses.
Several banks have reported to the FMA that such fraudulent e-mails also make use of fake domains like “fma-gv-at.com”, “at-fma.com” or “FMA-gv.com” or are sent from those domains, and/or carry clearly faked FMA e-mail addresses such as opa@fma-at-gv.com, opa@at-fma.com and opa@fma-gv.com in the “Return-Path” of the e-mail. All of these FMA domains and FMA e-mail addresses are faked, are being misused by fraudsters and have no connection to the FMA.
In individual instances, considerable financial damages have already been sustained.
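The check below is an added example, not part of the FMA's warning: it reads the “Return-Path”, “From” and “Reply-To” headers of a message and labels each sender domain against the fake domains named above. The genuine domain fma.gv.at, the lookalike heuristic and the sample message are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Fake domains named in the FMA warning above (lower-cased).
REPORTED_FAKE = {"fma-gv-at.com", "at-fma.com", "fma-gv.com", "fma-at-gv.com"}
# Assumption: the regulator's genuine domain; the article does not state it.
GENUINE = "fma.gv.at"

def classify(domain):
    """Label one sender domain relative to the genuine FMA domain."""
    domain = domain.lower().rstrip(".")
    if domain == GENUINE or domain.endswith("." + GENUINE):
        return "genuine"
    if domain in REPORTED_FAKE:
        return "reported-fake"
    # Heuristic (assumption): the same name parts rearranged with dots or hyphens.
    tokens = set(re.split(r"[.-]", domain))
    if "fma" in tokens and tokens & {"gv", "at"}:
        return "lookalike"
    return "unrelated"

def triage(raw_message):
    """Classify the domain of every sender-related header that is present."""
    msg = message_from_string(raw_message)
    verdicts = {}
    for header in ("Return-Path", "From", "Reply-To"):
        address = parseaddr(msg.get(header, ""))[1]
        if "@" in address:
            verdicts[header] = classify(address.rsplit("@", 1)[1])
    return verdicts

# Constructed sample: the visible From shows the genuine domain, while the
# Return-Path and Reply-To carry addresses quoted in the warning.
SAMPLE = (
    "Return-Path: <opa@fma-at-gv.com>\n"
    'From: "FMA" <office@fma.gv.at>\n'
    "Reply-To: opa@at-fma.com\n"
    "Subject: Strictly confidential\n"
    "\n"
    "Constructed body.\n"
)

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE).items():
        print(f"{header}: {verdict}")
```

A message whose “From” is labelled genuine while its “Return-Path” or “Reply-To” is not deserves the same manual verification as any payment request that arrives outside the approval hierarchy.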
The FMA’s Executive Directors, Helmut Ettl and Eduard Müller, stated:
“Remain critical, even in a time of crisis. Make sure that you observe the usual control mechanisms and precautionary measures precisely in this particularly challenging time, also when working from home or working remotely!
Check all transactions carefully, and check all requests to make payments in accordance with the approval hierarchy!”