Executive summary

We are aware of an active phishing campaign which is spoofing the Guernsey Financial Services Commission’s email domain. The official domain is gfsc.gg. Threat actors are impersonating this, and so far have been recorded as using gg-gfsc.com and/or g-gfsc.com. If you have received an email from the commission and are unsure of its authenticity do not click any links or attachments and forward it to phishing@gfsc.gg.

What’s the risk to me or my business?

Cyber attackers are utilising deceptive email domains that closely resemble the official commission's email domain to conduct phishing attacks. Falling victim to such attacks can lead to unauthorised access, data breaches, financial loss, and damage to the reputation of the affected party. The only domain used by the GFSC is gfsc.gg.

What can I do?

Black arrow recommends being extra vigilant when dealing with emails from the GFSC, if you are unsure of its authenticity do not click on any links or attachments and forward the email to phishing@gfsc.gg.

Further information and guidance can be found here:

https://www.gfsc.gg/news/spoof-emails-1

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatalert #threatintelligence #cybersecurity