The Bermuda Monetary Authority issued a public warning about emails sent from a spoofed account using the domain @bma-bm.com, which were used to misdirect payments intended for the Authority. The messages targeted a regulated entity and sought to divert funds to an unrelated account in the name of “BMA Gulf” in another jurisdiction, supported by false payment instructions made to appear as if issued by the Authority. The Authority reiterated that official fee information and payment instructions are published on its website and that any request to send funds to another institution should be treated as fraudulent. It also reminded recipients that legitimate Authority emails use the @bma.bm domain, advised recipients not to open attachments or rely on contact details contained in suspicious emails, and noted it has taken steps to have the fraudulent domain suspended and has added it to its warning list of unauthorised entities.
Bermuda Monetary Authority 2025-08-14
Bermuda Monetary Authority warns spoofed bma-bm.com email domain is being used to divert wire payments
The Bermuda Monetary Authority issued a warning about spoofed emails from the domain @bma-bm.com, used to misdirect payments intended for the Authority. These emails targeted a regulated entity, diverting funds to an unrelated account under "BMA Gulf" with false instructions. The Authority emphasized that official communications use the @bma.bm domain and advised caution against fraudulent requests.