Changeflow GovPing Financial Regulation DFS Alert: Phishing Scam Targeting Regulated En...
Priority review Notice Added Final

DFS Alert: Phishing Scam Targeting Regulated Entities

Favicon for www.dfs.ny.gov NY DFS Industry Letters
Published January 22nd, 2026
Detected February 12th, 2026
Email

Summary

The New York Department of Financial Services (DFS) issued an alert regarding a phishing scam targeting regulated entities. The notice advises entities to exercise caution with unexpected communications and verify legitimacy before taking action.

View original document View source feed page

What changed

The New York Department of Financial Services (DFS) has issued a cybersecurity threat alert to its regulated entities and individuals, warning them of a sophisticated phishing scam. The scam involves emails falsely claiming to be from DFS personnel, urging recipients to open files, make payments, or share missing information. The alert specifically identifies a fraudulent email domain ([@]myportal.dfs.ny.gov.cazepost.com) and contrasts it with legitimate DFS email domains ([@]dfs.ny.gov or [@]public.govdelivery.com).

Regulated entities are strongly advised to exercise extreme caution with unsolicited communications from DFS, especially those requesting immediate payment, attachments, or account credentials. They should verify the legitimacy of such emails by directly contacting their primary DFS point of contact or the DFS Consumer Assistance Unit, rather than using contact information provided within the suspicious email. The DFS also reiterates the importance of ongoing personnel training, simulated phishing exercises, and technical controls like email filtering to mitigate such threats.

What to do next

  1. Review email header information for suspicious communications claiming to be from DFS.
  2. Verify the legitimacy of any unexpected DFS communication requesting payment, attachments, or credentials by using direct contact information, not links or contacts in the email.
  3. Continue regular personnel training and simulated phishing exercises.

Source document (simplified)

Industry Letter

Date: January 22, 2026

To: DFS-Regulated Entities and Individuals

Re: Cybersecurity Threat Alert – Email Phishing Scam Targeting DFS Regulated Entities

The Department of Financial Services (“DFS”) is alerting regulated entities and individuals to use caution before responding to outreach from individuals falsely claiming to represent DFS.

DFS recently became aware of phishing emails purporting to come from DFS personnel urging regulated entities to open files, make payments, and/or claims to share a file that is missing to prompt further engagement. DFS urges all regulated entities to closely review email header information, including the email address used to transmit the email.

Legitimate DFS emails will be sent only from [@]dfs.ny.gov or [@]public.govdelivery.com. At least some of the messages claiming to be from DFS were sent from [@]myportal.dfs.ny.gov.cazepost.com. Emails from this domain are not legitimate.

If you receive unexpected communications from DFS requesting immediate payment, to open an attachment, or to enter account credentials, you should confirm the legitimacy of the email before taking action. Do not use contacts or links provided in these communications. Instead, directly reach out to DFS via your primary point of contact or the DFS Consumer Assistance Unit .

As always, regulated entities and individuals should exercise caution when asked to provide sensitive information, open attachments, enter account credentials, change payment instructions, or issue payments. DFS urges regulated entities and individuals to continue regular personnel training and simulated phishing exercises in addition to technical controls such as email filtering and alerts for external emails.

Related changes

Favicon for www.dfs.ny.gov New York Behavioral Health Treatment Access Campaign Launched
Routine Mar 12, 2026 NY DFS Press Releases Financial Regulation
Favicon for www.dfs.ny.gov Statement on FY 2027 Executive Budget Hearing
Routine Mar 12, 2026 NY DFS Press Releases Financial Regulation
Favicon for www.dfs.ny.gov New York Regulation for Buy Now, Pay Later Loans
Priority review Mar 12, 2026 NY DFS Press Releases Financial Regulation
Favicon for wid.cert-bund.de CPython Vulnerabilities Allow Remote Code Execution
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts
Favicon for wid.cert-bund.de Vim Vulnerability Allows Code Execution (CVSS 6.6)
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts
Favicon for wid.cert-bund.de FreeRDP Vulnerabilities - Remote Code Execution
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts

Source

Favicon for www.dfs.ny.gov
NY DFS Industry Letters dfs.ny.gov/industry_guidance/industry_letters
Financial Regulation
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
State Insurance Departments (10 States)
Published
January 22nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Insurers Financial advisers
Geographic scope
State (New York)

Taxonomy

Primary area
Cybersecurity
Operational domain
Compliance
Topics
Financial Services Fraud Alert

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Financial Regulation alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when NY DFS Industry Letters publishes new changes.

Free. Unsubscribe anytime.