Fake FCA emails, websites, letters and phone calls
First published: 02/04/2016 Last updated: 05/07/2022 See all updates
Find out about some of the common ways scammers may contact you claiming to be from the FCA.
If you get an email, letter or phone call from someone claiming to work for us, it’s important you consider the possibility that it could be scam.
Find out how to protect yourself from fake FCA communications or learn how to report a scam to us.
Fake FCA emails
We send emails from addresses ending in:
We have measures in place to prevent fraudsters spoofing our email addresses. But fraudsters often use similar email addresses to make emails appear genuine.
We have received reports of fake emails from several domains, including:
- firstname.lastname@example.org, email@example.com, firstname.lastname@example.org. These email addresses do not match any FCA employees, but are actually being sent by email@example.com firstname.lastname@example.org. The top 3 subject lines in these fake emails are, “Project Loan”, “Project Seking”, and “Project Seking Loan” (July 2022)
- @secure-fca.org.uk: potential scam email to firms using this email address (July 2022)
- @opbas.net and @opbas.uk
- email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org (this email asks to complete a survey on our conduct rules and coronavirus)
- email@example.com (a fake email sent to firms regarding a due diligence request. This email is a clone address. Don’t open the link to the questionnaire in the email. November 2020)
- fake emails claiming to be from RegData (data collection platform) with the domains rdc-fca.com and rdc-fca.org.uk (February 2021)
- @fca.com – fake email about firm details attestations submissions. Emails are being spoofed so falsely appear to come from this address (January 2022)
You should always delete suspicious emails without opening them.
Fake versions of our websites
Fraudsters may create copies of our websites and change the information. They may change our warnings pages so it looks like scam firms are authorised by us.
These cloned websites can be very convincing, with links and contact information copied from our website.
You can make sure our website is genuine by checking the website address that appears in the address bar at the top of the webpage. It should always begin with: http://www.fca.org.uk or register.fca.org.uk/s/ for the FS Register.
Be aware that some fake versions of our website will make small changes in the domain name to make them look similar (eg ‘register-fca.org.uk’ instead of the real website ‘register.fca.org.uk’).
Our online systems for firms have web addresses that start with:
Our social media accounts
- Facebook (ScamSmart) www.facebook.com/FCAScamSmart
- LinkedIn www.linkedin.com/company/financial-conduct-authority, www.linkedin.com/showcase/transforming-culture-
- Twitter twitter.com/TheFCA, twitter.com/FCAInsight, twitter.com/FCACymru
- YouTube www.youtube.com/user/TheFCAtv
Remember, do not give out any personal information following an incoming call and do not call these people back using the contact details they have provided.
We do sometimes call consumers in connection with investigations. If this happens and you want to check you are speaking to a genuine FCA employee, please contact our consumer helpline.
Read Ofcom’s guide on how to avoid ‘caller ID spoofing’.