On January 22, the NYDFS issued an alert informing regulated entities about an email phishing scam falsely claiming to represent the regulator. The alert warned that scammers may have sent emails urging recipients to open files, make payments, or share missing files, often using email addresses ending in “[@]myportal.dfs.ny.gov.cazepost.com,” NYDFS stated emails from this domain are not legitimate.

NYDFS emphasized that official communications only come from “[@]dfs.ny.gov” or “[@]public.govdelivery.com” domains and advised recipients to verify unexpected requests for payments, attachments, or credentials by contacting the agency directly. The agency urged recipients to exercise caution when asked to provide sensitive information, open attachments, or enter account information.