SEC Issues Warning For US Investors On Phishing, Smishing, & Vishing Scams

SEC Issues Warning For US Investors On Phishing, Smishing, & Vishing Scams

Authored by Naveen Athrappully via The Epoch Times,

The U.S. Securities and Exchange Commission (SEC) warned investors recently that fraudsters use phishing, smishing, and vishing scams to attempt to compromise their financial, investment, or personal accounts.

“Phishing, smishing, and vishing are types of scams where a fraudster tries to trick you into providing sensitive personal or financial information by posing as an entity you know or trust, such as an investment firm, bank, or some other personal service that you use,” the SEC said in an April 23 alert.

Once a malicious actor gets the personal information of a target, such as social security numbers, bank account numbers, ATM PINs, and driver’s licenses, they can use this to access the target’s accounts

“The main difference between these ‘-ishing’ scams is the method the fraudster uses to try to steal your information or carry out other attacks.”

Phishing involves the use of email to contact a target, tricking them into providing personal or financial information. This is done by urging the target to reply to the mail, clicking on a link to a website mimicking a legitimate platform, or opening an attachment, which downloads malware into their systems.

Fraudsters can use names of real people, companies, or government agencies to make the message sound authentic. The email address they use may contain the name of a company or government agency. The emails could also contain official-looking fine print, legal references, along with graphics and logos.

Such emails typically invoke urgency to solicit information. For instance, the hackers may claim the target’s bank account or other types of accounts will be closed if it’s not updated with certain information. Some fraudsters can claim problems with account or payment information, while others entice through monetary schemes such as prize money.

Smishing and vishing are similar to phishing. Smishing involves fraud via texts or direct messages, while vishing involves the fraudsters contacting targets via phone calls.

In its 2025 Internet Crime Report, the FBI listed phishing as a major financial crime type for the year.

The agency’s Internet Crime Complaint Center (IC3) received more than 1 million complaints in total from people who were defrauded out of their money.

Last year, phishing/spoofing was the top crime type reported to IC3, which received 191,561 complaints. Phishing and spoofing resulted in more than $215 million in losses to the complainants.

In the recent alert, the SEC said that its efforts to warn investors about phishing, smishing, and vishing were in accordance with a March 6 executive order signed by President Donald Trump, “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens.”

The order defined cybercrime and predatory schemes as activities involving phishing scams, ransomware and malware attacks, sextortion, financial fraud, and impersonation. It called on officials to determine how regulatory, operational, technical, and diplomatic tools can be improved to counter transnational criminal organizations behind cybercrimes.

In a March 6 Fact Sheet, the White House said, “In 2024, American consumers reported losing more than $12.5 billion to cyber-enabled fraud, with seniors on average losing the most.”

“[Seventy-three] percent of U.S. adults have experienced some kind of online scam or attack, and 87 percent of seniors view online scams and attacks as a major problem.”

Protecting Accounts

In another April 23 alert, the SEC advised people to protect their online investment accounts from fraud by using strong passwords, changing passwords regularly, using two-step verification, turning on account alerts, adding biometric safeguards, and avoiding using public computers to access accounts.

SEC asked investors to use caution when using public Wi-Fi connections.

“If you access your account on a public wireless connection, such as at a coffee shop or airport, you should use extra caution. It is very easy to ‘eavesdrop’ on internet traffic, including passwords and other sensitive data, on a public wireless network.”

The agency advised investors in a separate alert on April 23 to contact their investment company immediately if they think their account has been compromised.

Plus, investors should regularly monitor investment accounts for any suspicious activity. “Look out for any changes to your account information that you do not recognize (e.g., a change to your address, phone number, e-mail address, account number, or external banking information),” the SEC said.

“You should also confirm that you authorized all of the transactions that appear in your account statements and trade confirmations.”

Tyler Durden
Mon, 04/27/2026 - 21:45