CSBS Warns of Phishing Campaign Impersonating NMLS

NH Banking News & Announcements

Published March 23rd, 2026

Detected March 23rd, 2026

Summary

The Conference of State Bank Supervisors (CSBS) has issued a warning regarding a phishing campaign impersonating the Nationwide Multistate Licensing System (NMLS). The campaign uses fraudulent websites and emails to capture user credentials. Regulated entities are advised to be vigilant and report suspicious activity.

View original document View source feed page

What changed

The Conference of State Bank Supervisors (CSBS) has identified a phishing campaign that impersonates the Nationwide Multistate Licensing System (NMLS). Threat actors are using unauthorized domains and fraudulent websites that mimic NMLS branding to capture user credentials. These emails may create a false sense of urgency, prompting recipients to click malicious links or submit sensitive information.

Financial institutions and individuals using NMLS should exercise extreme caution with unexpected emails requesting sensitive information or urgent actions. It is critical to verify sender email addresses, avoid clicking suspicious links, and only access NMLS through official channels. Any suspected credential compromise requires immediate password reset, and suspicious emails should be reported to security@csbs.org.

What to do next

Verify sender email addresses for unfamiliar or misspelled domains.
Avoid clicking on suspicious links or opening attachments.
Report suspicious emails to security@csbs.org and reset passwords if credentials were compromised.

Source document (simplified)

Home
CSBS warns of phishing campaign impersonating NMLS

Announcement For Immediate Release Posted: March 23, 2026

Contact Ian Clark, Public Information Officer
(603) 271-4865 | ian.m.clark@banking.nh.gov

CSBS warns of phishing campaign impersonating NMLS

From the Conference of State Bank Supervisors (CSBS):

We have identified a phishing campaign impersonating NMLS (Nationwide Multistate Licensing System). These emails originate from unauthorized domains and include links to fraudulent websites designed to capture user credentials while mimicking NMLS branding.

These messages may appear credible and create a sense of urgency to prompt actions such as clicking links or entering sensitive information.

Please keep the following in mind:

Be cautious of unexpected emails requesting sensitive information or urgent action.
Verify sender email addresses for unfamiliar or misspelled domains.
Avoid clicking on suspicious or shortened links or opening attachments.
Only access NMLS through official channels.
Report suspicious emails to your security team or security@csbs.org. If you believe you entered credentials on a suspicious site, reset your password immediately.