ASIC has warned of impersonators posing as the corporate regulator in an attempt to approach customers listed on its registries.

The key registry for financial advisers is the Financial Adviser Register which contains all vital business information.

The regulator said in an update on Friday scammers have been using look-alike domains to pose as ASIC.

The scammers will typically ask registry customers to pay fees or give personal information to renew their business or company name.

“These emails often have a link that requests your ASIC usernames and passwords and may infect your computer with malware if you click the link,” ASIC said.

ASIC said it is likely a scam if someone is asked to make a payment over the phone, make a payment to receive a refund, asked to provide a credit card or bank details directly by email or phone, or asked to pay fees that are different from the fees on the regulator’s website.

The regulator also noted the requests might be outside of usual timeframes; ASIC will only issue a renewal notice 30 days before the due date.

Cyber season

Cybercrime has been in the mainstream news this year when both Optus and Medibank customer data systems were hacked, but RI Advice’s penalty earlier in the year has kept the issue topical in the advice industry.

Plutosoft co-founder Vincent Holland described advice firms as a “hot target” due to the identity and investment data available.

Speaking at the Professional Planner Licensee Summit in Katoomba earlier this year, Security in Depth CEO Michael Connory said most businesses can be hacked within half an hour.

Professional indemnity insurance experts mentioned having poor risk management – including cybersecurity – systems in place could lead to more expensive premiums. Even using email for client communications has become a risk with online portals becoming the recommended method for communication.

Join the discussion