OSC warns firms about recent phishing attacks

Amid an increase in cybersecurity threats, the Ontario Securities Commission (OSC) is warning industry firms about a recent phishing attack impersonating its chair and CEO, Grant Vingoe.

The OSC issued an alert about apparent phishing emails that were sent to registered firms, such as fund managers and investment dealers, on July 13.

According to the alert, the messages “appear to come from a ‘D. Grant Vingoe’ of the Canadian Securities Administrators (CSA) along with a Montreal mailing address.”

The OSC advised firms that may have clicked links or opened attachments in these messages to immediately change their email passwords.

The regulator said it’s also aware of similar phishing campaigns intended to look like messages from the industry self-regulatory organizations, the Investment Industry Regulatory Organization of Canada and the Mutual Fund Dealers Association of Canada.

This latest warning from the regulators comes amid a sharp increase in cyberattacks since the onset of the pandemic.

Earlier this week, a report from the Financial Stability Board, an international body, said the number of reported attacks — including phishing, malware and ransomeware attempts — have jumped from an estimated 5,000 per week pre-pandemic to over 200,000 per week earlier this year.

The economic disruption caused by the pandemic, including the wholesale shift to remote working, a sharp increase in financial sector digitalization and increased economic hardship, were all cited as factors driving the apparent jump in cyberattacks.

James Langton

James is a senior reporter for Advisor.ca and its sister publication, Investment Executive. He has been reporting on regulation, securities law, industry news and more since 1994.