NFA Alerts
This page contains a list of alerts NFA has posted to its website regarding various fraudulent, web-based campaigns targeted at NFA Members. NFA recommends that Members periodically check the NFA website for new alerts, which are initially posted to the NFA homepage.
Types of Cyberattacks
Phishing
These campaigns consist of emails designed to trick recipients into sharing sensitive information, usually by impersonating a company or trusted individual. NFA reminds all Members to be vigilant when it comes to email requests. All legitimate emails from NFA will come from an address ending in @nfa.futures.org, nfanotifications@mailer.nfa.org or @nfa-swaps-proficiency-requirements.moonami.com in the case of NFA's Swaps Proficiency Requirements.
In general, Members should not trust unsolicited emails, especially emails that ask for personal or financial information. With any email, Members should verify the sender prior to responding and ensure the validity of links or attachments prior to clicking on them.
Smishing
This is a variation on phishing where, rather than utilizing email, scammers utilize mobile text messaging to target victims. NFA currently does not utilize text messaging in any form (e.g., SMS, WhatsApp, Telegram, etc.) to communicate with Members. If you receive a text message from someone purporting to be an NFA employee, do not act on it and report it to NFA.
Fake Website
Accessing a fake website could result in your personal or financial information being stolen or your device becoming infected with a virus or malware. NFA never solicits funds from the public or requires individuals to provide their personal financial information through NFA's website. NFA's only website is www.nfa.futures.org.
If you are ever in doubt about a purported NFA communication of any kind, please contact NFA's Information Center (312-781-1410 or 800-621-3570 or information@nfa.futures.org).
Month Posted: July 2024
Alert Type: Outage
July 19, 2024: NFA Members impacted by the CrowdStrike incident should contact our Information Center at 312-781-1410 or 800-621-3570 or information@nfa.futures.org.
Month Posted: January 2024
Alert Type: Phishing
January 30, 2024: NFA has learned of a recent phishing campaign that involves fraudulent emails purporting to be from NFA. These emails have a source domain name "@members-nfa.org". NFA reminds all Members to diligently scrutinize the sender's address for any email purportedly sent by NFA. All legitimate emails from NFA will come from an address ending in "@nfa.futures.org," nfanotifications@mailer.nfa.org or "@nfa-swaps-proficiency-requirements.moonami.com" in the case of NFA's Swaps Proficiency Requirements.
Month Posted: September 2023
Alert Type: Fake Website and Smishing
NFA recently learned of an ongoing fraudulent, web-based campaign soliciting individuals to sign up for an NFA internship program preparation course and/or digital currency platform trading course. Some of the solicitation is occurring through online messaging platforms such as WhatsApp and Telegram and directs individuals to several different websites fraudulently posing as NFA's website, including:
|
|
Individuals are required to provide their bank account information and deposit money to access the program, which allegedly will qualify an individual for a position at NFA to trade digital currencies. Oftentimes, individuals are told that they will be able to double their money. Ultimately, individuals participating are not able to receive a return of their funds.
NFA's ONLY website address is nfa.futures.org, and legitimate emails from NFA will come from an address ending in @nfa.futures.org, nfanotifications@mailer.nfa.org or @nfa-swaps-proficiency-requirements.moonami.com. NFA never solicits funds from the public or requires individuals to provide their personal financial information through NFA's website.
Month Posted: July 2021
Alert Type: Phishing
NFA has learned of a recent phishing campaign that involves fraudulent emails purporting to be from NFA staff. These emails have a source domain name "@basicnet-nfafures.org." NFA reminds all Members to be vigilant when it comes to email requests. All legitimate emails from NFA will come from an address ending in @nfa.futures.org, nfanotifications@mailer.nfa.org or @nfa-swaps-proficiency-requirements.moonami.com in the case of NFA's Swaps Proficiency Requirements. Always be sure to scrutinize the sender's address...
Note: This alert was sent by email. See Notice I-21-23 to read the complete mailing.
Month Posted: June 2021
Alert Type: Phishing
NFA has learned of an ongoing phishing campaign that involves fraudulent emails purporting to be from NFA staff...These emails have a source domain name "@nfa-futures.com" and may include an attachment. The domain of "@nfa-futures.com" is not connected to NFA. Firms should not open any attachments from this domain and should delete all emails originating from this domain...
Note: This alert was sent by email. See Notice I-21-17 to read the complete mailing.
Month Posted: March 2021
Alert Type: Phishing
Last year, NFA warned Member firms of an increase in fraudulent phishing emails in the financial industry. At that time, we were not aware of a specific NFA-related phishing attempt. NFA learned today, however, of an ongoing phishing campaign that involves fraudulent emails purporting to be from NFA staff...
Note: This alert was sent by email. See Notice I-21-20 to read the complete mailing.
Month Posted: May 2020
Alert Type: Phishing
Recently, a number of institutions including those in the financial industry have reported an increase in fraudulent phishing emails which purport to be from the institution or the institution's employees. Often these emails include domain names that are almost identical to the institution's domain...
Note: This alert was sent by email. See Notice I-20-21 to read the complete mailing.