Phishing Attacks Targeting FCA & HMRC: What London Finance Teams Need to Know

9 April 2026

Finance and hedge fund teams across London are facing a sharp rise in targeted phishing and credential-based attacks. What’s changed is not just the volume, but the level of sophistication. Attackers are now convincingly impersonating trusted regulators like the FCA and HMRC, making these threats harder to detect and far more dangerous.

What’s Actually Happening

These attacks typically start with an email that looks legitimate. It might reference compliance deadlines, urgent regulatory updates, or account verification requests. The branding is familiar. The tone is authoritative. And the pressure to act quickly is deliberate.

Once a user clicks a link or enters their details, credentials are captured. In many cases, attackers don’t stop there. They use credential stuffing techniques, taking passwords exposed in unrelated breaches and trying them across multiple systems. If employees reuse passwords, one compromised login can unlock access to critical financial systems.

The result is often silent access. No alarms, no obvious breach. Just unauthorised entry into sensitive data, client accounts, or internal communications.

What These Emails Actually Look Like

To understand how convincing these attacks can be, here are a few examples similar to what finance teams are receiving:

FCA “Urgent Compliance Update”

An email appears to come from the FCA requesting an immediate compliance review, warning of regulatory consequences if action isn’t taken within 24 hours. It includes a “secure portal” link that leads to a fake login page designed to capture credentials.

HMRC “Tax Discrepancy Alert”

A message claims there’s an issue with a recent tax submission and urges the recipient to verify details to avoid penalties. The email often uses generic greetings and directs users to a fraudulent login page.

“Secure Document” Notification

Users receive a message stating a secure document is available from the FCA, with an attachment (often an HTML file). Opening it prompts the user to sign in, harvesting their credentials.

Internal IT Impersonation

Attackers may also pose as internal IT teams, sending password expiry notices that push users to reset credentials via a malicious link. These are particularly effective as they feel routine and expected.

Across all of these, the pattern is consistent: urgency, familiar branding, and a request to log in or take immediate action.

What Your Team Should Be Doing

The good news is that these attacks are preventable with the right controls and habits in place.

Start with Multi-Factor Authentication. It’s one of the most effective safeguards you can deploy. Even if credentials are stolen, MFA creates a strong barrier to entry.

Next is staff awareness. Your team is the first line of defence, but only if they know what to look for. Regular phishing simulations and training help employees spot subtle red flags before damage is done.

Verification culture matters too. Encourage staff to pause and double-check unusual requests, especially those involving sensitive data or urgent action. A quick internal confirmation can stop an attack in its tracks.

Finally, visibility is key. Monitoring login activity, especially for privileged accounts, helps detect unusual patterns early. Suspicious access attempts, odd locations, or repeated login failures should never go unnoticed.

Where Maple Fits In

This is where Maple steps in as more than just IT support.

We work closely with finance firms to actively reduce their exposure to these threats. That means continuous monitoring for phishing activity, securing endpoints, and analysing login behaviour to catch anomalies before they become incidents.

We also help implement and manage the controls that matter most, like MFA, secure access policies, and user awareness programmes. Beyond that, we run phishing and credential audits to identify weaknesses in your current setup and give you a clear plan to fix them.

The Outcome for Your Firm

For our clients, the result is confidence and control.

Phishing attempts are identified earlier. Staff are better prepared and less likely to fall victim. Compromised credentials are far less likely to lead to breaches. And if something does happen, it’s detected and contained quickly.

In a sector where trust, compliance, and data security are everything, that level of resilience isn’t optional. It’s essential.

If you’re unsure how exposed your firm might be, now is the time to find out. Maple can help you assess your risks and strengthen your defences before an attacker finds the gap.