SIPC Advises Investors to Ignore E-mail-based "Phishing" Schemes for Personal Financial Information

New Warning is Third in Two Months About Actual, Possible Schemes

WASHINGTON, D.C. - February 4, 2004 - In a bid to head off phony e-mails that may be sent in its name to investors asking for confidential financial information, the Securities Investor Protection Corporation (SIPC) cautioned investors today that it does not use unsolicited e-mail or the Web to obtain any brokerage account numbers or other data. SIPC maintains a special reserve fund mandated by Congress to protect the customers of insolvent brokerage firms.

SIPC President Stephen Harbeck said: "While the Securities Investor Protection Corporation and court-appointed trustees do require information from investors in the course of brokerage firm liquidation proceedings, our first step is never to use e-mail to get that information. SIPC is taking this proactive step today because of our growing concern that we may be the subject of a 'phishing' scam similar to that carried out in January against the Federal Deposit Insurance Corporation (FDIC). Our advice here is unequivocal: If you get an e-mail that appears to come from SIPC and it asks for your personal financial information, do not respond to it. However, investors should report any such suspicious e-mail to regulators."

Harbeck added: "SIPC does not solicit information by e-mail. If an investor contacts SIPC by e-mail, we might request information by return e-mail, in order to refer the matter to the correct regulator or to evaluate a situation to determine if we need to intervene directly in the matter. However, such a request would only come about as a result of an e-mail inquiry from an investor. So, any claim via an unsolicited e-mail that such information is needed by SIPC for 'account verification,' 'Patriot Act compliance' or any similar imaginary purpose is 100 percent bogus."

Investor reports about "phishing" e-mails that are falsely sent in the name of SIPC should be directed to vdrew@sipc.org. Investors receiving suspicious e-mails are encouraged to forward the original e-mail along with their comments to SIPC.

Based on what is currently known, SIPC has not yet been the subject of a FDIC-style "phishing" scheme. However, the Securities Investor Protection Corporation has elected to warn the public of the potential danger now, given that con artists already have exploited its Internet presence twice in two months.

SIPC warned the public on January 29, 2004, that its Web site at http://www.sipc.org had been copied at another location by a "look-alike" Web site as part of the promotion of a nonexistent brokerage firm. That Web site has since been taken down and the matter remains under investigation by the Federal Bureau of Investigation (FBI) and the U.S. Securities and Exchange Commission (SEC).

On December 11, 2003, SIPC cautioned the public about "brokerage identity theft" schemes, under which con artists falsely pose on the Web as authentic brokerage firms that are members of the SIPC, and then persuade unwary investors to engage in transactions. Brokerage identity theft victims often are told to check the membership database on SIPC's Web site, in order to "prove" that the firm is a SIPC member, when in fact the illicit promoters have simply stolen the identity of a real SIPC member.