Unfortunately, the number of attempts by thieves trying to steal your clients’ money is increasing every day. Every firm in our profession—advisors, broker-dealers, custodians and banks—is directly impacted by this troubling trend. Part of the challenge is how comfortable everyone, especially your clients, has become using technology to share confidential information. They might not even be using a secure method of transmission. Of course, there is also the “it won’t happen to me” mentality that prevents people from worrying about it. The reality is you need to be worried and ultimately change your behavior.
Here is one scenario that is all too common: A thief impersonates one of your clients using his email address to request changes or send money to another account. First, the thief gets your client’s email login credentials, generally using virus software. Once they have access to your client’s email address, thieves will monitor your client’s activity and learn how and with whom he communicates. Monitoring your client’s email activity will provide thieves with the necessary information so that once they attempt the actual fraud, the message looks very similar if not identical to previous messages. This is not your obvious fraud email, with grammatical errors and misspellings. This makes it very challenging for the recipient to recognize it as fraud.
Given this scenario, there are several steps you should take to protect your clients and your firm. First, you and your clients need to be vigilant in protecting your email login credentials. Make sure you have virus software installed on your computer, only use devices that you control and frequently change your password using various letters, numbers and characters. Furthermore, be sure to activate extra levels of security and verification if they are offered by your email provider. For example, many of your clients may use Gmail for their personal email. If this is the case, make sure they activate Gmail’s two-step verification process. This extra level of security requires you to enter a code, texted to your phone by Gmail, when you log in. This adds another barrier of protection when someone tries to log in to your account—particularly when the attempt is from an unrecognized computer.