Australian Regulator Combatting Surge in AI-Driven Scams as Phishing Attacks Target CMC Markets

Cybersecurity analysts have identified a sophisticated phishing operation specifically targeting high-net-worth clients of CMC Markets and TD Direct Investing. According to data from MailGuard AU, the campaign utilizes realistic branding and legal disclaimers to deceive investors into handing over login credentials.

The fraudulent emails reportedly utilize a subject line referencing a "Federal Tax Residency Verification Notice" and claim that a renewal of W-8BEN PMC certification is required to comply with U.S. IRS regulations. Users who click the links are directed to counterfeit login portals designed to harvest sensitive account information.

This specific campaign coincides with a broader warning from the Australian Securities and Investments Commission (ASIC) regarding the proliferation of fraudulent investment platforms. ASIC reports that it is currently removing approximately 130 fraudulent websites weekly, having taken down over 10,000 sites to date.

Regulators have expressed concern that artificial intelligence is being used to create increasingly convincing scams. ASIC highlighted that scammers frequently clone the regulator's own "Moneysmart" consumer website to harvest personal data.

"ASIC is taking down around 130 fraudulent investment websites each week... The regulator has increased investigations and enforcement actions, though losses remain significant, with Australians reporting AU$2.74 billion in fraud."

While enforcement has intensified, financial damages remain high. Investment scam losses alone reached $945 million in 2024. ASIC continues to emphasize that legitimate regulatory bodies will never request personal data or payments for investment schemes via unsolicited contact.