Email Phishing Scam Targets New York Financial Services Firms, DFS Warns

The New York State Department of Financial Services (DFS) is alerting firms and individuals it regulates to use caution before responding to emails from senders falsely claiming to represent DFS.

DFS said it recently became aware of phishing emails “purporting to come from DFS personnel urging regulated entities to open files, make payments, and/or claims to share a file that is missing to prompt further engagement.”

DFS is urging entities to closely review email header information, including the email address used to transmit the email. Legitimate DFS emails will be sent only from [@]dfs.ny.gov or [@]public.govdelivery.com.

At least some of the messages claiming to be from DFS were sent from [@]myportal.dfs.ny.gov.cazepost.com. Emails from this domain are not legitimate.

DFS warns against using contacts or links provided in these communications. Instead, firms and individuals should directly reach out to DFS via their primary point of contact.

DFS regulates more than 3,000 banks, insurers, credit unions, and other financial services entities.