It seems like every year thieves become more creative in finding new ways to steal. A disturbing new trend is directly targeting financial advisors and their clients. Financial institutions are seeing a noticeable increase in attempts at fraudulent wire transfers by email “spoofing,” where an email request appears to be sent from the client, but is actually from a fake-but-similar email account (or sometimes it’s the client’s actual account).
Think, for a minute, about the emails you have sent to your advisor. If your email account was hacked, the hacker would have access to all of those emails in your sent folder. They could easily send an email (from “you”!) to your advisor requesting a fund transfer to a third-party bank account, along with convincingly forged letters of authorization. If you’ve ever emailed a scanned copy of something you’ve signed, they have access to your signature too. Often, by the time someone realizes the request is fraudulent, it is often too late. The money is already gone, the transfer cannot be unwound, and the wire fraud theft is complete.
It is our policy to never accept instructions like this via e-mail, but in response to this increased risk, we have trained our employees to identify warning signs of electronic wire fraud attempts. We have also reviewed and improved our procedures to verify a wire transfer request is legitimate before acting on it, particularly in scenarios where the transfer is going to a third party.
However, it’s important to take steps to make sure your information is secure and avoid the possibility of this type of fraud altogether. We use www.box.com to securely share files with our clients and keep that sensitive information out of your inbox.
Just to be safe, here are some tips on how you can help protect your email accounts from being hacked:
- Make sure to use secure complex passwords. We recommend choosing a password with a minimum of 8 characters, including upper & lower case letters, numbers and symbols.
- Don’t use the same passwords on multiple accounts. If you get hacked in one, they have access to everything.
- Use double authentication if possible. This requires you to enter an extra code when logging in from an unrecognized IP address. Click here to learn more about Google’s 2-step verification.
- If you get email on your smart phone, make sure the phone is password protected.
- Beware of storing documents in your email that contain your signature, social security number, or other non-public personal identifying information. If your account gets hacked, the thief will have everything they need to steal your identity.
- Don’t ignore signs that your email account has been hacked, like finding emails you didn’t send in your ‘sent’ folder, or hearing from your friends that they’ve received spam from your email address.
- If you do get hacked, be sure to change your passwords immediately! Also call your financial institutions to make sure your accounts have not been compromised.