'Email scam' was training exercise, says regulator

A reflection of a road and harbour full of boats in a window. The window has translucent logo of the Guernsey Financial Services Commission with a red lion.

Staff at a finance firm were sent emails pretending to be from the commission asking them to log into a fake portal

Jack Silver
BBC News, Guernsey

A suspected scam where people were sent emails pretending to be from Guernsey's financial regulator was a training exercise run by another company, the regulator has said.

The Guernsey Financial Services Commission (GFSC) said it had been made aware of a "possible phishing attempt" asking a firm and its staff to log into a site imitating one of GFSC's online portals earlier this week.

However, an investigation revealed it was a "training exercise run by a third-party for its staff", the commission said.

A spokesperson for GFSC said the incident was a "timely reminder" that firms should notify the commission if they have been targeted by cyber crime.

They said firms should "exercise caution and vigilance by not clicking on or opening unfamiliar links in emails".

The commission said the fake emails had come from a similar-looking web domain name, but not its official address, gfsc.gg.

'Suspected phishing'

The emails linked to a site pretending to be GFSC's Personal Questionnaire portal.

The GFSC advised firms to follow its cyber rules and guidance to keep themselves safe.

As the bailiwick's financial regulator, GFSC said it continued to be a "target or tool used by criminals" trying to trick people into giving access to their information or to access funds.

It said past attacks used tricks including a cloned copy of its website and emails coming from slightly different domains.

Guernsey's Office of the Data Protection Authority (ODPA) said it had updated its own data protection advice in light of the latest incident.

Brent Homan, the island's data protection commissioner, said: "The Bailiwick of Guernsey has been the subject of phishing attacks over the last few months, which if successful, can compromise your organisation and the data you hold.

"We advise all residents to remain vigilant when receiving emails or texts urging you to click on a link, especially when that email is unanticipated."

Follow BBC Guernsey on X (formerly Twitter) and Facebook. Send your story ideas to channel.islands@bbc.co.uk.

Related topics

More on this story

Related internet links