| The New York State Department of Financial Services (DFS) is alerting regulated entities and individuals to use caution before responding to outreach from individuals falsely claiming to represent DFS. DFS recently became aware of phishing e-mails purporting to come from DFS personnel urging regulated entities to open files, make payments, and/or claims to share a file that is missing to prompt further engagement. DFS urges all regulated entities to closely review e-mail header information, including the e-mail address used to transmit the e-mail. Legitimate DFS e-mails will be sent only from [@]dfs.ny.gov or [@]public.govdelivery.com. At least some of the messages claiming to be from DFS were sent from [@]myportal.dfs.ny.gov.cazepost.com. E-mails from this domain are not legitimate. If you receive unexpected communications from DFS requesting immediate payment, to open an attachment, or to enter account credentials, you should confirm the legitimacy of the e-mail before taking action. Do not use contacts or links provided in these communications. Instead, directly reach out to DFS via your primary point of contact or the DFS Consumer Assistance Unit. As always, regulated entities and individuals should exercise caution when asked to provide sensitive information, open attachments, enter account credentials, change payment instructions, or issue payments. DFS urges regulated entities and individuals to continue regular personnel training and simulated phishing exercises in addition to technical controls such as e-mail filtering and alerts for external e-mails. |
|
|
|
