SEC Issues Alert on Phishing, Smishing and Vishing Scams Targeting Investor Accounts

U.S. Securities and Exchange Commission issued a warning to investors on April 23, 2026, about phishing, smishing, and vishing scams targeting financial, investment, or personal accounts. ZeroHedge reported the alert, which defines these scams as methods where fraudsters pose as trusted entities like investment firms, banks, or personal services to trick individuals into providing sensitive information.

Malicious actors then use obtained details such as social security numbers, bank account numbers, ATM PINs, and driver’s licenses to access targets’ accounts. Phishing involves emails that urge recipients to reply, click links to fake websites, or open attachments that install malware.

Fraudsters enhance authenticity by using real names of people, companies, or government agencies, along with email addresses incorporating those names, official-looking fine print, legal references, graphics, and logos.

These emails often create urgency, claiming accounts will close without updates, reporting issues with account or payment information, or promising prizes like monetary rewards. Smishing uses texts or direct messages for similar deceptions, while vishing relies on phone calls to extract information. The SEC's alert aligns with broader efforts to address cyber threats.

President Donald Trump signed an executive order on March 6, 2026, titled 'Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens,' which defines cybercrime to include phishing scams, ransomware and malware attacks, sextortion, financial fraud, and impersonation.

The FBI's 2025 Internet Crime Report identified phishing as a major financial crime type for that year. The agency’s Internet Crime Complaint Center received more than 1 million complaints from individuals defrauded of money in 2025.

Phishing and spoofing topped the list with 191,561 complaints, resulting in over $215 million in losses to those affected. 5 billion to cyber-enabled fraud in 2024, with seniors experiencing the highest average losses. U.S. Adults have encountered some form of online scam or attack, and 87 percent of seniors consider online scams and attacks a major problem.

The White House provided these figures in a fact sheet accompanying the executive order. In a separate alert on April 23, 2026, the SEC advised protecting online investment accounts with strong passwords, regular password changes, two-step verification, account alerts, biometric safeguards, and avoidance of public computers.

The agency recommended caution on public Wi-Fi, noting the ease of eavesdropping on traffic including passwords. Investors should monitor accounts for unrecognized changes to details like addresses, phone numbers, email addresses, account numbers, or external banking information, and confirm all transactions in statements and trade confirmations.

“Phishing, smishing, and vishing are types of scams where a fraudster tries to trick you into providing sensitive personal or financial information by posing as an entity you know or trust, such as an investment firm, bank, or some other personal service that you use,” the SEC stated in its April 23 alert.

” The alerts emphasize immediate contact with investment companies if compromise is suspected.