Dear Compliance Professional,
We have just been notified by one of our clients of a wire fraud scam and wanted to bring it to your immediate attention. A cyber criminal created a fake client email message in an attempt to trick the adviser into wiring cash out of one of their client’s online investment accounts. If the adviser had fallen for the scam, a wire transfer would have been executed and cash would have been transferred into a bank account controlled by the cyber criminal.
Apparently, taking over or impersonating someone’s email account is not all that difficult to do. Search engines and social networks have made finding and profiling potential victims rather easy.
However, cyber criminals don’t always get it 100% right. In this case, they spelled the client’s name with an extra “p” and the adviser became suspicious (correctly surmising that a client would know how to spell their own name). As a result, the client was contacted and it was determined that the email message did not emanate with the client.
A Typical Scenario
Back in January of this year, the FBI released a Fraud Alert involving email intrusions to facilitate wire transfers overseas.
The Fraud Alert reported that in a typical scenario, the cyber criminal will send an email to a financial institution, brokerage firm employee, or the victim’s financial advisor pretending to be the victim and request the balance of the victim’s account. When the request for balance information is successful, the cyber criminal then sends another email providing a reason why they can only communicate via email and asks that a wire transfer be initiated on their behalf. The excuse is typically based on an illness or death in the family which prevents the account holder from conducting business as usual.
Combatting Wire Fraud
Some steps to combat wire fraud include:
Paying special attention to wire transfers that are going to a third-party account as opposed to the client’s existing and known bank accounts.
Checking and double-checking any email addresses for wire transfer requests to verify it is a legitimate email address.
Verifying the client’s signature on the wire transfer form by comparing it to prior signed documents.
Watching for suspicious indicators in the transfer request or the email address.
Educating clients about how to protect themselves.
Our advice is to contact your client before wiring money out of their account. This simple step could end up saving you a lot of money and most likely the client relationship.