The Bermuda Monetary Authority has issued a warning after learning that fraudsters used a fake e-mail domain, @bma-bm.com, to trick a regulated company into sending money to an unauthorised account overseas.

According to the BMA, the scam involved spoofed e-mails and falsified payment instructions that appeared to come from the authority. These e-mails caused the company to misdirect funds to an account under the name “BMA Gulf” in another jurisdiction. The official BMA e-mail domain is @bma.bm.

“This domain is not affiliated with the BMA,” the authority said. “Any instruction to deliver funds to any other institution should be considered fraudulent.”

The BMA said it has taken steps to suspend the fake domain and has added it to its warning list of unauthorised entities. Officials also reminded the public that the only accurate payment instructions can be found on the BMA’s official website.

To avoid falling victim, the BMA urged the public to double-check e-mail addresses before responding and never to trust contact information or attachments in suspicious e-mails. Anyone with questions about payments should e-mail finance-receivables@bma.bm or call the BMA directly on (441) 295-5278.

The authority stressed the importance of vigilance: “If you have any doubts, do not open attachments. Call a known number to confirm.”