Financial advisors are more likely to be victims of cyberattacks than those in other industries, largely because financial data is extremely valuable to cybercriminals and small businesses tend to have less sophisticated cybersecurity systems in place.
In 2016, 20% of financial firms were affected by data breaches. This increased to 25% in 2017. With the average data breach costing $7 million, protecting personal and financial data must be prioritized in the industry.
While cyberattacks are becoming more frequent and sophisticated, many cybercriminals use simple phishing tactics to take advantage of human errors rather than planning complex attacks. As an advisor, you need to be aware of the most common phishing tactics used, understand how these scams are becoming more complex, and know how to protect your clients’ data.
What Do Common Phishing Scams Look Like?
Cybercriminals know how to disguise phishing attacks as messages that appear to be normal and legitimate. Emails are often used, but some phishing scams involve the use of text messages, IMs and even phone calls. Messages are carefully crafted to look like they come from a legitimate source, and some cybercriminals know how to spoof a phone number or hack an email address to send a message from a known or familiar source.
The purpose of a phishing scam is to trick you into sharing personal or financial information. You might, for instance, be redirected to a page with a form that collects data that could be used to steal a client’s identity or be prompted to use login credentials for a client’s account.
Here are a few examples of phishing emails you might receive:
- Emails that ask you to follow a link to a page where you are prompted to enter login credentials.
- Emails that ask you to fill out an online form.
- Emails that redirect you to a page that mimics the login page of a legitimate financial institution, such as Fidelity, Schwab, TD Bank, JPMorgan Chase or Bank of America.
- Emails that alert you of a fax you have just received to trick you into opening a malicious attachment.
These unpleasant emails are sometimes easy to identify. Pay attention to the spelling and grammar and to the sender’s email address, including the domain name. If an email creates a sense of urgency to download an attached file or visit a link, you should immediately be suspicious. Financial institutions will never send emails that ask you to log in to your account right away or to verify information immediately. A legitimate financial institution will call you to obtain this information.
If an email asks you to follow a link, check the URL and compare it with the official URL of the financial institution mentioned in the email.