The Financial Conduct Authority has issued a fresh warning to firms after uncovering a growing number of scams involving fake FCA emails, websites, text messages and letters designed to trick businesses into revealing sensitive information.
The regulator says fraudsters are increasingly impersonating FCA employees and communications channels in an attempt to obtain confidential business information, financial details or payments.
Among the latest threats identified are fake letters claiming to be from FCA Deputy Chief Executive Sarah Pritchard and referencing a fictitious supervisory review. The letters include bogus FCA contact details and have been circulated to firms during 2026.
The FCA has also warned firms about a fraudulent website using the domain fca.org.lc, which it says could expose users to malware and other cyber security risks.
FAKE DOMAINS
In a reminder to regulated firms, the FCA stressed that genuine FCA emails will only be sent from addresses ending @fca.org.uk. It has identified numerous fake domains being used by fraudsters, including @members-fca.org, @member-fca.org and @mail-fca.org.
The regulator has also received reports of scam text messages claiming to be from the FCA, often warning recipients about alleged data breaches and urging them to call a phone number. In some cases, fraudsters then attempt to obtain bank account details and other sensitive information.
The warning comes as financial services firms face increasing cyber and fraud risks, with criminals using increasingly sophisticated techniques to mimic legitimate regulatory communications.
STAY VIGILANT
Mortgage brokers, lenders and protection firms are being urged to remain vigilant, particularly when receiving unexpected communications requesting information, payments or action.
The FCA said firms should carefully verify the authenticity of any correspondence and avoid clicking on links or opening attachments in suspicious emails.
The regulator also reminded firms that its genuine websites use official domains including fca.org.uk, register.fca.org.uk and myfca.fca.org.uk, warning that cloned websites often use only minor variations in web addresses to deceive users.
Firms that believe they have been targeted by a scam or received suspicious communications are being encouraged to report the matter directly to the FCA HERE to help prevent others becoming victims.
