NY| ELANY Bulletin 2026-05 relays a New York Department of Financial Services (DFS) cybersecurity threat alert dated Jan. 22, 2026, warning regulated entities and individuals about phishing emails impersonating DFS personnel that attempt to induce recipients to open files, make payments, or provide information, and clarifying that legitimate DFS emails only come from addresses ending in dfs.ny.gov or public.govdelivery.com, not myportal.dfs.ny.gov.cazepost.com, while instructing recipients of suspicious messages to avoid embedded contacts or links and instead verify authenticity directly with their usual DFS contact or the DFS Consumer Assistance Unit and to maintain strong controls like training, simulated phishing, and email filtering; for the original DFS notice, see the DFS cybersecurity alerts or news section on the DFS website (dfs.ny.gov) referencing the January 22, 2026 phishing alert.