Cybersecurity threats grow more sophisticated
Just as technology advances, so do the tools cyber criminals use to steal from clients. Wire fraud, identity theft, and email scams – especially “phishing” – currently threaten data security for financial advisors and clients and are growing in sophistication. We have recently seen more attempted wire fraud from these cyber criminals. After gaining access to a client’s email account, criminals comb through the account for financial information, account numbers, and the names of the email holders’ financial institutions. They then use this information to communicate with an advisor and request unauthorized wire transfers.
Help protect Clients From Wire Fraud
For all third party wire requests you are required to verify the requests by speaking with the client – either in person or on the phone. To mask their efforts for unauthorized wire transfers, criminals may modify the victim’s email settings so that any legitimate emails from their advisor are delivered to the victim’s spam folder.
- If calling the client to verify the request, the person to make the call should know the client personally. In some cases criminals are hacking into clients’ phones and forwarding calls to a disposable cell phone. When advisory firms call to verity the wire request, they impersonate the client and authorize the transfer.
- When calling to verify the request, put the onus on the client to verify details of the transaction. Don’t volunteer information and simply ask clients to verify the amount and destination of the funds. Ask open-ended questions, such as “I understand you have requested a wire transfer. Can you tell me how much you want to wire, the purpose of the wire, and why you are transferring funds to a third party?”
A common sign of potential fraud is when a client who has never requested a wire transfer suddenly makes a request that seems out of the ordinary or out of character. Criminals may also use the “sympathy ploy”, claiming hardship, accident or death in the family. These requests often ask that the client only be contacted through email and not through any other channels, which is designed to limit your ability to verify the authenticity of these request.
Contact ASN immediately if you suspect a fraudulent wire request. We will work with you to help determine what steps need to be taken.