Identifying Phishing, Fraud, and Other Scams

At Fidelity Digital Assets^®, we offer a digital assets experience that is focused on security, integrity, and expertise. Our commitment to safeguarding our clients’ accounts and data is a top priority and we continually review our practices to reduce the potential for any issues. To this end, we encourage institutional investors to be aware of common social engineering tactics, such as phishing and other tactics used by scammers to impersonate customer service associates.

What Is Phishing?

Phishing attacks are fraudulent communications pretending to be a person or institution you trust to access your personal information. Cyber criminals are constantly trying to access private data through emails, text messages, and phone calls. These communications may appear legitimate, but they can be filled with malicious links, attachments, and other deceptive methods designed to steal your information.

You may be familiar with the term “phishing," which specifically refers to email scams. But there are more locations and tactics being used by criminals than ever, including:

• Smishing: Text messages claiming to be a business you trust that usually contain a fraudulent link
• Vishing: Phone calls that attempt to trick you into providing sensitive information, or giving access to your computer, by claiming to be a representative from a company you do business with

Tips to Identify Phishing and Other Fraud Attempts

Be vigilant about these common tactics used by scammers.

Be wary of unexpected communications

Avoid opening links or attachments in an email or text message you are not expecting. Do not answer the phone unless you recognize the phone number and are expecting the call (it is easy for fraudsters and cyber criminals to "spoof" a phone number and make it appear as though they are calling from a reputable organization). 

Reputable businesses will not contact you to request your personal information

Fraudulent emails, text messages, and phone calls will often contain a request for personal information to obtain access to your financial assets, identity, and/or personal computer.  

Verify the sender

Sometimes, it is difficult to tell when an email, text, or phone call is legitimate, or just looks or sounds like an authentic communication. With the prevalence of artificial intelligence, it is easy and quick for cyber criminals to craft messages with perfect spelling and grammar. 

Make sure the company that is represented is one you trust and that you are expecting the communication. If you are uncertain about specific communication, reach out directly to your service representative using the official contact information you have on file.

Don't let your emotions get the best of you

If the email, text message, or phone call sounds too good to be true, it likely is. If it is attempting to play on your fear or emotions, e.g., provoking a strong sense of loss if you "don't act now," that should be a red flag.

Common Types of Scams 

Many times, these scam attempts follow a certain playbook. Here are a few of the most common types of fraud that you may encounter.

• Grandparents scam: Scammers call or email posing as a grandchild/family member in distress who needs money (usually via gift card or cash) immediately.
• Romance scam: Criminals using dating websites, apps, or social media to build rapport and trust—and then start asking for money.
• Lottery/inheritance scams: Fraudsters send fake letters or emails telling people they must pay an up-front fee to claim the prize.
• Imposter scams: A criminal calls pretending to be from Fidelity Investments®, Fidelity Digital Assets®, or another reputable service provider, and requests you send them back a one-time passcode that the criminal has generated through fraudulent web activity, such as attempting to reset your password.
• Remote access scams: A criminal will call and claim to be from a well-known company. They will request access to your computer, and, if granted access, they will try to make you believe that you have a serious problem like a malicious software infection that you will have to pay them to fix.  Or they may use this access to your computer to log in to various accounts you have with different providers, using your stored browser passwords.

Reporting Suspicious Activity

If you receive communication that you believe is attempting to impersonate Fidelity Digital Assets, please email  support.digitalassets@fmr.com with:

• The suspected email as an attachment
• Your full name, email address, and phone number associated with your accounts. Do not include any account number, username, or password.
• Your yes-or-no answers to the following questions:
  • Did you open any links or images within the suspected email?
  • Did you enter or submit your login credentials?

Upon receiving your email, our team will investigate further. If it is fraudulent activity, we will attempt to get the source of the email and fake websites shut down as quickly as possible. 

If you are concerned your account may have been compromised, please reach out to your Relationship Manager.