The SEC posted a warning on Bogus E-Mail Purporting to be from SEC Office of the Whistleblower. The SEC’s Office of the Whistleblower is real; the e-mail is a hoax.
Earlier this week I received an angry email complaining about spam sent by me. That left me a bit confused because I don’t send out spam. It turns out a scumbag was sending around a fake message from the SEC’s Whistleblower Office:
Dear customer, Securities and Exchange Commission Whistleblower office has received complaint about alleged misconduct at your company, including Material misstatement or omission in a company’s public filings or financial statements, or a failure to file Municipal securities transactions or public pension plans, involving such financial products as private equity funds.
Failure to provide a response to this complaint within 21 day timeframe will result in Securities and Exchange Commission investigation against your company. You can have access to the complaint details in U.S. Securities and Exchange Commission Tips, Complaints, and Referrals portal under the following link …
It turns out the email was using a hotlink to a copy of the SEC logo I store on this website. So the email displays the SEC logo by pulling the image from Compliance Building.
My first action was to delete the image file. I don’t want to help the spammers. This left a little red “x” in the email indicating a missing image.
Then I noticed that the email was running rampant. My site stats tools did not pickup hotlinked image files. My webhost pointed me to the visitors log. That showed thousands of instances of that image file being accessed every hour.
I decided to change course and fight back. Since I know just enough html to get myself in trouble, I decided to change the image, but keep the same image file name and file path. I inserted the simple image you see at the top of this story. Email recipients of the spam will see that image instead of the SEC logo. Hopefully that will make email much less effective.
In case you couldn’t follow, the spam email originally looked like this:
By changing the image file on my site, the spam email now looks like this:
I’m just sorry that I didn’t see the usage sooner. I also contacted the site that supposedly hosted the complaint details. They removed the offending file, hopefully putting an end to the mischief. The spam email seems to still be in wide circulation since I see that image file getting accessed so often.