Popular Financial Topics

Discover relevant content from across the suite of ALM legal publications From the Industry

More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery

Read digital editions of Investment Advisor Magazine Tax Facts

Get clear, current, and reliable answers to pressing tax questions

Resource Center

ThinkAdvisor

6 Things to Know to Avoid Cyberattacks

By John Manganaro

Slideshow May 01, 2023 at 04:46 PM Share & Print

Your article was successfully shared with the contacts you provided.

A few weeks ago, the Financial Industry Regulatory Authority issued a stark warning about an increase in phishing scams targeting financial institutions and their clients.

Such cyberattacks often start with an email, call, text or encrypted message that falsely claims to be from a financial institution, government or regulatory agency. Social Security check issues are frequently a focal point, as are fake threats supposedly coming from the Internal Revenue Service.

In other cases, a scammer will try to impersonate a trusted colleague or client. In virtually all cases, the goal is to steal money, private information or anything else potentially valuable that the offender can get their hands on.

Virtually any news item, positive or negative, can become the basis for a new scam, FINRA warns, from a pandemic to a natural disaster to the launch of a new product or company.

Ultimately, advisors have a duty to protect their clients and their financial institutions from cyber threats, and part of that duty is to keep up with the latest emerging threats.

See the slideshow for a rundown of six insights about the evolving fraud landscape, as presented during a cybersecurity best practices session at the 2023 Raymond James Elevate conference, which just concluded in Orlando.

(Image: Adobe Stock)

John Manganaro

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Phishing Scams on the Rise: FINRA

Up Next

Phishing Scams on the Rise: FINRA

More on this topic

SEIA Strikes Deal for $2B RIA in Cleveland

SEIA Strikes Deal for $2B RIA in Cleveland

With Fresh Genstar Funding, Cetera Charges Ahead

With Fresh Genstar Funding, Cetera Charges Ahead

3 Reasons Cash Is King Again

3 Reasons Cash Is King Again

Cetera's Avantax Inks Acquisition of $760M Wealth Firm

Cetera's Avantax Inks Acquisition of $760M Wealth Firm

6 Things to Know to Avoid Cyberattacks

Exit

1. Email attacks are evolving.

According to the Raymond James experts, email remains the most common cyberattack vector.

Email attacks come in a growing variety of flavors, but the two most common types are phishing emails, which use social engineering to trick a person into revealing sensitive information, and malware emails, which seek to implant malicious software on a victim’s device.

Among the most problematic emerging email attack types is the “business email compromise,” or BEC for short.

A BEC occurs when someone attempts to impersonate a trusted colleague or client. For example, a scammer may impersonate an advisor’s team leader and make a request to buy $1,000 worth of digital gift cards on a company credit card and send them to a third party.

(Image: Adobe Stock)

Exit

2. There are key red flags to watch out for.

While email scammers have found ways to make their attacks more convincing, there remain some common red flags to watch for.

One is a warning from the email server in the subject line. The word “bulk” in brackets is a label that Microsoft Outlook and other services use to warn about suspicious emails.

Another strategy is to carefully scrutinize the “from” address. If the email handle is not recognizable, or if it includes minor typos or the use of random punctuation, that’s a red flag.

The text of the email can also provide many clues. Generally, pushiness to get an unrecognized transaction or wire transfer done immediately is a major red flag, as are requests for irregular purchases of gift cards or other goods.

(Image: Adobe Stock)

Exit

3. Business email compromise attacks can be particularly tricky.

As noted, a business email compromise attack involves a scammer impersonating an individual whom their target knows and trusts — often an authority figure at work, such as a direct manager, an HR representative or a company executive.

When unanticipated emails seemingly come from such a person demanding some sort of quick financial transaction, that in itself is a red flag. Unless this is a regular occurrence in the course of one’s work, one should assume something is amiss, especially when the purchase request is in the form of digital gift cards or cryptocurrency.

Of course, sometimes such a request can be legitimate, but even so, it’s always worth picking up the phone and calling the person to make sure.

(Image: Shutterstock)

Exit

4. Telephone-based attacks are becoming more common.

Another important emerging threat vector is known as “telephone-oriented attack delivery.” Experts sometimes refer to these as TOAD attacks.

In basic terms, the TOAD attack is an evolution of a traditional spam call. Previously, scammers might call and solicit a donation to a bogus cause or charity, or they might promise some kind of reward for winning a lottery or sweepstake.

TOAD attacks are more sophisticated in that they involve a primary step, usually precipitated via email or text message, that tricks a target into calling the scammer based on a fear of some negative outcome.

Often, the initial message will suggest a target must act quickly to confirm account information or pay a fee to avoid a bigger penalty.

According to the Raymond James experts, COVID-19 relief fund payments were a huge source of these attacks, as are threats about Social Security benefit penalties.

(Image: Shutterstock)

Exit

5. The service-first mentality is a major vulnerability for advisors.

According to Raymond James’ cybersecurity experts, the financial advisor industry is a rich target for fraudsters because of the eagerness to deliver fast and responsive service to clients.

In the normal course of business, this service-first mentality is invaluable, as it builds client loyalty and elevates outcomes.

However, advisors also must ensure they maintain a sense of awareness, and they shouldn’t hesitate to call someone to verify the situation.

If something seems even remotely suspicious, it’s worth taking time to check it out before taking any action that could expose the client, advisor or firm to harm.

(Image: Adobe Stock)

Exit

6. Prevention is the only way to ensure good outcomes.

Perhaps the most nefarious fact about today’s cybersecurity risks, according to the Raymond James experts, is that there is often little or no chance for justice once an attack has succeeded.

This is because, in the vast majority of cases, the origins of these attacks are international, and the most successful scammers are careful to operate in areas where U.S. authorities lack agreements for assistance in prosecutions.

This makes it almost impossible for money to be recovered, even if investigators have a good idea of who might have perpetrated the fraud.

(Image: Shutterstock)

Choose your next slideshow ...

Exit

Jeff Levine: 7 End-of-Life Tax Planning Mistakes to Avoid

15 U.S. Cities Where It Takes the Most Income to Be Middle Class

15 Most Expensive States for Nursing Home Care: 2024

Raise Your Visibility in a Community Group

Dark Mode

Featured Resources

How to Build Trust Between Advisors and Clients

From Morningstar, Inc.

How to Build Trust Between Advisors and Clients

Download Now ›

Candid Conversations: Couples, Money & Conflict

From eMoney Advisor

Candid Conversations: Couples, Money & Conflict

Download Now ›

Helping Your Clients Make a Greater Philanthropic Impact

From Foundation Source

Helping Your Clients Make a Greater Philanthropic Impact

Download Now ›

Index Year End Review: 2023

From The Index Standard

Index Year End Review: 2023

Download Now ›