Email Hackers Stealing Investor Funds, FINRA Warns

Fraudsters gain access to email accounts and then email instructions to the firm to transfer money from brokerage accounts, FINRA says

More On Legal & Compliance

from The Advisor's Professional Library
  • RIAs and Customer Identification Just as RIAs owe a duty to diligently protect their clients’ privacy and guard against theft, firms also play a vital role in customer identification. Although RIAs are not subject to an anti-money laundering rule, securities regulators expect advisors to address these issues in their policies and procedures.
  • Code of Ethics Rule The Code of Ethics Rule, found in Rule 204A-1, uses severe consequences for violation to help ensure investment advisors will do the right thing.  

The Financial Industry Regulatory Authority issued an Investor Alert on Thursday warning investors that email hacking is on the rise, and that they should immediately contact their brokerage firm or financial institutions if they suspect their accounts have been compromised.

FINRA says that it issued the alert, "Email Hack Attack? Be Sure to Notify Brokerage Firms and Other Financial Institutions," because it has been receiving an “increasing number of reports involving investor funds being stolen by fraudsters who first gain access to the investor's email account and then email instructions to the firm to transfer money out of their brokerage account.”

The alert warns investors about the potential financial consequences that follow an email account being hacked and provides tips for safeguarding their assets, and links to a joint fraud alert issued by the FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and Internet Crime Complaint Center (I3C) that describes a similar trend in which hacked email accounts are being used to facilitate wire transfers.

FINRA also issued a regulatory notice highlighting some of the risks associated with accepting instructions to transmit or withdraw funds via email and recommending that firms reassess their policies and procedures to ensure they are adequate to protect customer assets from such risks.

“Investors who suspect that their email account has been hacked should immediately notify their brokerage firm and other financial institutions, and anyone who suspects they have been defrauded should file a complaint with FINRA,” said Gerri Walsh, FINRA’s vice president for Investor Education, in a statement.

The alert teaches investors how to tell when their email account has been hacked and informs them of the steps they should take if their personal financial information has been stolen.

Tell-tale signs that an investor’s email has been hacked, the FINRA alert says, include reports of spam from people in your “contacts” folder or a slew of “bounced” email messages from people you don’t know. Investors also may find that their password or other account settings have been changed–or that their email provider has blocked them from accessing their account.

If your email account has been hacked, FINRA says investors should take these steps:

  • Immediately contact your brokerage firm and other financial institutions, including credit card issuers, to notify them of the problem. Also notify the credit bureaus to put a fraud alert on your file.
  • Check your brokerage account for unauthorized transactions–especially withdrawals or wire transfers to an account that is not yours–and ask the firm to investigate if you find any.
  • Change your username, password and PIN for your financial accounts–and also change your password to your email account.
  • To prevent hacking, get a subscription to antivirus software that is installed, active and kept up to date.
Reprints Discuss this story
This is where the comments go.