Too good to be true?

Be alert to scams and fraud

Fraud and scams are prevalent everywhere. In an ever-evolving world of technology, it makes it easier for criminals to target you from anywhere in the world.

Shield icon

Fraudsters spend time researching their victims and often have more information about them than we think. They take advantage of an individual’s instinctive willingness to trust and use this to build a rapport.

They can be charming, understanding, appear knowledgeable and persuasive. After all, if they are successful in deceiving someone, the time spent researching them and building that trust is worthwhile.

Scams are also becoming increasingly sophisticated and fraudsters will often use names of well-known companies, like BlackRock, to gain credibility and appear legitimate.

Tactics used by fraudsters include:


Phishing websites
Fake websites (e.g., fund comparison websites) to obtain personal information which is then used to make contact to offer an allegedly attractive investment opportunity.


Impersonation of BlackRock employees
Using genuine names of employees that match those on regulators’ websites or senior executives.


Use of social media channels to provide alleged training to achieve high returns
Fraudsters may use social media and messaging application to target large audiences through group chats and make it appear as if individuals in the group are making high returns and that others that do not follow would be missing out.


Fake email addresses
Using fake email addresses through free webmail services or creating domains and email addresses that look similar to genuine companies.


Fake documentation
Fake documentation such as investment prospectuses, application forms and transactional information using company logos and pictures of senior management to look legitimate.


Time pressure
Pressurizing you with time-limited offers, investments or opportunities. For example: If you don’t invest by the end of the week, you’ll miss out.


Social engineering techniques
Using social engineering techniques (e.g., manipulation, influencing) to extract confidential or personal information.


Spoofing
When fraudsters make it look like a message, email or phone call is coming from a legitimate company by changing the sender name or number that you see.

It's important to be able to spot warning signs (or red flags) potentially indicating a scam.

What are the warning signs?

It’s important that you can spot potential warning signs or red flags that may indicate you are being scammed. Some examples of these are below*:

Payment requests for payments to the bank accounts of individuals, companies or third parties that have no apparent connection to BlackRock or through cryptocurrency or payment wallets. BlackRock would never request such payments.

Poor spelling and grammar in documents or communications.

Returns that appear too good to be true and out of line with the market.

Emails from free webmail services or domains created with subtle differences such as the addition or removal of letters, numbers or special characters (e.g., blackrockk.com with an extra k rather than blackrock.com). Please note that individual BlackRock employee emails end in @blackrock.com.

Variation in email domains used in communications within a short space of time (e.g., emails first sent from a fake domain such as @blackrockbonds.com and later from a different email address such as @blackrockbonds.co.uk).

Switching email domains in the midst of an email conversation can be an indicator that the old domain has been shut down and is no longer working.

Eagerly chasing or threatening you to make a decision or a payment with urgency. Encouraging you to invest for guaranteed returns.

New or additional payment requests in order to release investments that have already been made (purportedly for tax, administration or other purposes). BlackRock would never request such payments for you to access your accounts or investments.

Time-bound offers which pressure you into making a decision or payment quickly.

Please note this is not an exhaustive list.

If you have been contacted out of the blue and have any doubts, do not proceed. If you feel pressurized, talk to someone you trust before you make any payments.

Types of scams and fraud

Fraudsters can target you through many channels such as phone calls, text messages, social media, emails or even the post.

  • The fraudsters try to convince you to invest in something that either does not exist or is worthless. They may contact you out of the blue or after you have searched for a specific investment, where you enter your personal contact details.

    They may also pretend to be BlackRock employees or senior executives promising high investment returns. Common schemes include inviting individuals to stock or crypto training sessions on social media and offer to share trading signals. As part of cryptocurrency scams, victims may be prompted to place trades on various fake trading platforms and asked to deposit additional funds before withdrawing the returns of their fake investments.

    They may send you links to genuine company websites to gain your trust, claiming to represent them. They may even use the names of genuine employees at the company or impersonate a genuine employee using fake social media accounts (e.g, LinkedIn, Instagram, Facebook, WeChat, WhatsApp, Telegram etc) and offer attractive investment opportunities in the name of BlackRock through social media platforms.

    Recent examples:

    • Fixed rate bond scams offering guaranteed returns. We have seen a number of these targeting different financial institutions, including BlackRock.
    • Cryptocurrency investment scams offering highly attractive and guaranteed returns.
    • Fake investment opportunities offered by individuals on dating or other social media apps or channels.

    Warning signs of investment scams can include:

    • Promises of high guaranteed returns with little or no risk.
    • Unsolicited contact from individuals claiming to be employees or affiliates of large, well-known companies.
    • Pressurizing you to invest immediately.
    • Emails sent from domains that have been created to look like well-known companies.
    • Individuals or entities that are not registered with the financial regulators.
    • Financial regulatory websites (such as the FCA Scamsmart page: https://www.fca.org.uk/scamsmart) have published a warning about the individual or entity that you have been contacted by.

  • The fraudsters ask for an upfront payment with the promise that you will receive money, goods or services of greater value that never materialize (e.g., a prize, loan, employment). They may describe the payment as a fee, commission, tax or administration expense.

    Recent examples:

    • Recruitment scams: you may be interviewed by someone purporting to work for a legitimate company, offered a job and then asked to make a payment for training, background checks or equipment to work from home. Note that BlackRock would never ask you to make an advance payment as a condition of employment.
    • You may be asked to download a mobile app or be provided with a link to a portal to login and invest and you may also be asked to pay an administration fee or tax fee to set up an account.
    • Loan scams offering you low interest or interest free loans for which you must make an upfront payment (e.g., administration fee or processing fee) prior to receiving your loan proceeds.

    Warning signs of advance fee scams can include:

    • Requests to make payments on the pretext that it is necessary to move forward or a condition of a contract.
    • Being asked to pay a fee to release an “investment” you already made.
  • Fraudsters will set up fake social media accounts (e.g., LinkedIn, Instagram, Facebook, WeChat, WhatsApp, Telegram etc) either in the name of a legitimate company like BlackRock, or pretend to be employees or affiliates of the company. They may use these channels to initiate contact with you and scam you.

    To appear more legitimate, they may have a significant number of connections, which could include genuine employees of the company they are pretending to be from.

    Be wary of opportunities that are offered through these channels by unknown contacts!

    BlackRock’s official social media channels can be found here.

    Recent examples:

    • Fake LinkedIn profiles purporting to be senior employees of BlackRock (CEO, Head of Europe).
    • Cryptocurrency investment scams offered through social media platforms.

    Warning signs of social media scams can include:

    • Unsolicited messages from unknown contacts on social media offering high returns.
    • Social media profiles claiming to be in senior management positions of large companies reaching out directly in relation to an investment opportunity.
  • This fraud has been prevalent in the US. A cashier’s cheque is a cheque that is guaranteed by a financial institution.

    The fraudsters will send you what appears to be a genuine looking cashier’s cheque or they will then tell you to send them goods or make a payment for goods or services or as part of a transaction.

    They do this in the hope that you will transfer the money before the bank identifies the cashier’s cheque was fraudulent – which can take weeks.

    Please note that even if the funds are showing as available at your bank after depositing the cashier’s cheque, this does not mean that the cash has cleared! It could take weeks to identify the cashier’s cheque is fraudulent so always make sure you have received the money prior to making any onward payments to avoid being caught out.

    Recent examples:

    • US law firms have recently been targeted by scammers who pretend that BlackRock is party to a transaction. The perpetrators send a cashier’s cheque and request a payment is made on the pretence of an inspection or pre-transaction requirement.

    Warning signs of cashier’s cheque fraud can include:

    • Cashier’s cheque sent from parties that you have never met or do not know.
    • Pressure to make a payment prior to funds clearing at your bank.
  • Identity theft occurs when fraudsters gain enough personal information about you (such as date of birth, full name, address history, tax identification number) and they use this information to perpetrate fraud. They may obtain this information through intercepting your post, email or from data available about you on the internet or dark web.

    Identity fraud occurs when the fraudsters use your stolen identity to deceive others in obtaining goods or services. Examples of this include opening bank accounts, taking over existing accounts (bank/investments), ordering goods/services in your name. 

    Recent examples:

    • False applications for investment accounts, loans or credit cards.

    Warning signs of identity theft and fraud can include:

    • Requests to provide personal information to someone over the telephone who has called you out of the blue.
    • Requests for personal information on websites that you have been sent a link to, especially where you were not expecting links to be sent to you.
  • This occurs when the fraudsters use your personal information to gain unauthorized access to your investment or bank accounts and divert payments to a fraudulent account in their control.

    They may obtain enough information about your account by intercepting your post, email, data available about you on the internet and dark web or that you may have inadvertently provided them. 

    Recent examples:

    • Fraudsters contact a financial institution pretending to be their client and request a redemption and change in bank account.

    Warning signs of account takeover fraud can include:

    • You receive emails or notifications about changes that have been made to your account but you did not instruct any.
    • You notice unauthorized payments from your account.
  • Business email compromise (also known as payment diversion fraud or mandate fraud) occurs when fraudsters contact businesses by email purporting to be from a company or person known to them. The fraudsters will then request a payment or notify the business of a change in bank account details to divert payments to a bank account that the fraudsters control.

    To appear more legitimate, the fraudsters may create fake email addresses that appear very similar to the one they are trying to impersonate, for example by adding, removing or replacing letters (e.g., @blackrock.com versus @blackrock.com) and may doctor real invoices or send fake ones.

    Recent examples:

    • Fraudsters access the email account of a vendor and send an email from that account noting that they’ve updated the bank details for an invoice payment in the hope that the company will update them to fraudulent details. The fraudsters change the “Reply to” address to make sure they receive any responses.
    • An email is sent to an employee impersonating the CEO of a company and requesting an urgent payment to an account controlled by the fraudsters.

    Warning signs of BEC fraud can include:

    • Subtle changes to email addresses and domains.
    • “Reply to” addresses that do not match the sender address.
    • Urgency expressed to make a payment.
    • Requests to not communicate with anyone else due to confidentiality or secrecy.

Am I being scammed?

Fraudsters can target you through many channels such as phone calls, text messages, social media, emails or even the post.
Emails outside BlackRock’s domains
Were you contacted by someone claiming to be an employee using an email other than “@blackrock.com” or other official domain?
App downloads through social media
Were you told to download an investment/crypto App through social media?
Suspicious job offers
Were you offered a job opportunity from someone pretending to be associated with “BlackRock” and then asked to make a payment?
Social media contacts with investment offers
Were you approached about an investment (e.g. Crypto, bonds) on social media by someone claiming to be associated with BlackRock and asked to make a payment?

It’s NOT BlackRock, you’ve been scammed!

BlackRock’s official email domains and social media channels can be found in the More Resources section below. All BlackRock jobs for which we are externally recruiting are posted on our careers site.

Protect yourself from scams and fraud

You should always remain cautious and alert to the risk of frauds or scams, especially before making any payments. Here are some tips on how to protect your money and personal information:

DOs

  • Remain vigilant and challenge what you are being told. If you are unsure, do not proceed. Look out for potential warning signs.
  • Check with someone you trust or obtain a phone number from a trusted source before making a decision (do not use the one on the documentation you have been sent).
  • Some regulators, like the UK’s Financial Conduct Authority and Ireland’s Central Bank of Ireland publish warning lists about investment scams so be sure to check those. Please note that fraudsters and scammers can change their tactics quickly so there may be a time delay in such warnings being published.
  • Install anti-virus software on your devices and ensure your mobile and tablets are updated to the latest operating systems.
  • Shred information about your financial investments, do not just throw it away.

DON'Ts

  • Never give out your personal information (such as bank details, PIN numbers and passwords) to anyone who contacts you out of the blue.
  • Never make a payment because you feel pressurized to do so.
  • Never click on a link in an email or message you have received that you were not expecting. Criminals could be using this as a tactic to gain access to your IT systems.
  • Never grant someone that called you unexpectedly remote access to your computer or any other device.

I've been scammed. What do I do?

If you believe you’ve been scammed and have lost money, we recommend taking the following steps:
1. Contact your bank
Immediately contact your bank. They may be able to stop or recall the payment.
2. Report to law enforcement
Report it to law enforcement in your jurisdiction.
3. Report to financial regulator
Report it to the financial regulator in your jurisdiction, if appropriate.