The Securities and Exchange Commission (SEC) is aware of reports of malicious emails sent to some EDGAR filers that appear to be part of a phishing campaign to compromise company network systems and obtain access to non-public information. The malicious emails purport to be communications from the SEC about changes to Form 10-K and sometimes contain malicious attachments. Clicking on the attachment(s) results in an attempt to install malware designed to obtain unauthorized access to the recipient’s computer and/or network.
Please be advised that the SEC has not made any recent changes to Form 10-K and has not notified filers that changes have been made. Such emails purporting to be from the SEC should be deleted and your network administrator or information security personnel should be notified.
More information on phishing, detection methods, and tips for protection can be found in the SEC Investor Publication, “Phishing" Fraud: How to Avoid Getting Fried by Phony Phishermen.”