National Cybersecurity Awareness Month (NCSAM) is observed each October. Part of being more secure online is knowing how attacks actually succeed, so here are three examples of the kinds of fraud that have directly hit people in our profession, and in each case the control that failed.
Case #1 Your firm has been working with a client to facilitate a wire transfer, a process that has been planned for more than a month. The client provides you with the receiving account details, and your firm completes the wire form and sends it back to the client for a signature. The client signs the wire form and emails the document back to your firm.
Your firm has a policy to verbally confirm all wire requests, so the lead advisor calls the client and leaves a voicemail asking the client to call back and confirm the instructions. The call is returned 30 minutes later, while the lead advisor is out of the office. Another staff member takes the inbound call, reads the request details back from your CRM, gets a "yes" from the caller, and logs the wire as confirmed. The wire is sent.
A day later it is determined that the request is fraudulent and the money went to the wrong bank account. How could that happen?
What no one knew was that the client's mailbox had been compromised for months, and the fraudster had been waiting for a transaction like this one. The crook altered the wire instructions so the money went not to an account for the client's benefit but to a completely unrelated account, and the receiving bank did not stop the transfer even though the beneficiary name didn't match the title on the receiving account.
Furthermore, the client's voicemail system conveniently forwards every voice message to the client's mailbox as an email, so it was the fraudster, not the client, who heard the advisor's message and reacted first. The fraudster called your office and got lucky: the associate who answered didn't know the client's voice, and because the request details were already in the CRM, the caller had no trouble "confirming" every one of the false details. The policy said verbal confirmation, but what actually happened was that an unauthenticated inbound call was accepted as proof. A callback only verifies anything when your staff place the outbound call to the phone number already on file, not to a number from the email thread, and when the person calling is someone who knows the client.
Case #2 A client emails your staff member and mentions that he expects to receive a year-end bonus. Your staff member continues the conversation by both email and phone. In January the client has the funds and emails the staffer asking for wire instructions to send the money to his managed account. The client receives a swift reply with wire instructions, but those instructions route the money to the fraudster's account.
In this case it was your staff member's email account that the fraudster had taken over, and the reply the client acted on never came from your firm at all. The client then sent the funds without verbally confirming the wire details with your firm on a number he already knew. The lesson cuts both ways: instructions that arrive by email are untrusted until confirmed out of band, whether it is the client's mailbox or yours that has been compromised.
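The callback control that cases #1 and #2 depend on can be written down precisely enough to check. The following is an added example, not code from the firm in the column or from any real system: a small model of a wire-verification workflow in which emailed instructions stay pending until a staff member who knows the client places an outbound call to the phone number already on file. An inbound call, a voicemail reply or an email reply never counts as confirmation, however many details the caller knows. The client identifiers, phone numbers and account numbers are constructed for the example, and the CRM lookup is assumed to be a dictionary.

```python
"""Out-of-band wire verification as a checkable control.

Added example illustrating cases #1 and #2 above; not the firm's own system.
Rule modelled: wire instructions received by email are untrusted until a staff
member who knows the client places an OUTBOUND call to the phone number of
record and the client confirms on that call. All data below is constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    PENDING = "pending"        # instructions received, not yet verified
    CONFIRMED = "confirmed"    # safe to release the wire
    REJECTED = "rejected"      # verification found a problem; treat as fraud


@dataclass
class WireRequest:
    client_id: str
    account_number: str         # receiving account named in the instructions
    received_via: str           # channel the instructions arrived on, e.g. "email"
    status: Status = Status.PENDING
    audit: list[str] = field(default_factory=list)


# Contact-of-record data. In a real firm this comes from the CRM, never from
# anything in the email thread. Constructed (assumed) for the example.
PHONE_OF_RECORD = {"client-001": "+1-619-555-0100"}


@dataclass
class ConfirmationCall:
    direction: str                  # "outbound" (staff dialed) or "inbound" (client called in)
    number: str                     # number dialed (outbound) or caller ID (inbound)
    staff_recognised_client: bool   # the staff member on the call knows the client's voice
    client_confirmed_details: bool  # client agreed that the instructions are theirs


def verify_wire(req: WireRequest, call: ConfirmationCall) -> Status:
    """Apply the callback policy and record why the request did or did not pass."""
    if call.direction != "outbound":
        # Case #1: the attacker returned the advisor's voicemail. Anyone who
        # calls in is unauthenticated, so the request simply stays pending.
        req.audit.append("inbound call ignored: confirmation must be an outbound call")
        return req.status
    if call.number != PHONE_OF_RECORD.get(req.client_id):
        # Dialing a number taken from the (possibly attacker-controlled) email
        # thread would just reach the attacker again.
        req.audit.append(f"outbound call to {call.number} is not the number of record")
        return req.status
    if not call.staff_recognised_client:
        req.audit.append("client not recognised by staff; escalate to the lead advisor")
        return req.status
    if not call.client_confirmed_details:
        req.status = Status.REJECTED
        req.audit.append("client did not recognise these instructions; treat as fraud")
        return req.status
    req.status = Status.CONFIRMED
    req.audit.append(f"confirmed on outbound call to {call.number}")
    return req.status


def replay_case_1() -> Status:
    """The attacker calls in with every detail correct; the control holds."""
    req = WireRequest("client-001", "987654321", received_via="email")
    attacker_calls_back = ConfirmationCall(
        direction="inbound", number="+1-702-555-0199",
        staff_recognised_client=False, client_confirmed_details=True)
    return verify_wire(req, attacker_calls_back)


def replay_good_path() -> Status:
    """The lead advisor reaches the real client on the number of record."""
    req = WireRequest("client-001", "987654321", received_via="email")
    advisor_calls_client = ConfirmationCall(
        direction="outbound", number=PHONE_OF_RECORD["client-001"],
        staff_recognised_client=True, client_confirmed_details=True)
    return verify_wire(req, advisor_calls_client)


if __name__ == "__main__":
    print("case #1 replay:", replay_case_1().value)   # pending: wire is not sent
    print("good path:", replay_good_path().value)      # confirmed
```

The same rule, mirrored, is what would have saved the client in case #2: instructions that arrive by email, in either direction, are unverified until someone dials a number they already had and hears a voice they already know.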
Case #3 A member of your staff receives an email from a friend asking her to review their resume. Your employee opens the attachment thinking it is an ordinary document, but nothing appears to happen. She assumes the file is corrupt and replies asking the friend to resend it.
Later, the staffer tries to open a file she had been working on. It won't open: she is told it has been encrypted and a password is required, though she never made any such change. This is a classic ransomware attack. The "resume" was a program, not a document, and it has encrypted and locked you out of every file your employee had access to, including files on your firm's servers.
Do you pay the ransom, or do you restore the files from a trusted backup taken before the encryption? Either way, that is only the beginning of the work. You also have to make sure the ransomware is removed from the employee's computer and from anywhere else on the firm's network it may have reached, and a backup only helps if it was kept somewhere the infected account could not reach and encrypt as well.
Given these three real-life examples of successful cyber attacks, could you see your firm being a victim as well? In every case the technology was only half the story: a confirmation accepted on an inbound call, a wire sent on the strength of an email, an attachment opened because it came from a friend. Those are the habits that awareness month is meant to change.
Dan Skiles is the president of Shareholders Service Group in San Diego. He can be reached at firstname.lastname@example.org.