Wire fraud is a prevalent topic in the investment world today. Thieves are becoming more and more creative about finding new ways to steal money from innocent folks. More recently, financial advisors and their clients have become large targets for fraudulent wire attempts, which have resulted in huge sums of money being syphoned away by fraudsters.
Not too long ago, fraudulent wire attempts reported by financial advisors were rare, but now the trend is increasing at an alarming rate. Charles Schwab recently reported that in 2012 its advisors “reported an average of more than one fraudulent wire attempt per day – including weekends and holidays.”
Wire fraud usually begins with identify theft; and often this is done through email hacking techniques such as phishing or malware. In fact, during an internal study of fraud reports, Charles Schwab found that “more than 90% of fraud attempts reported by advisors involve email takeover.”
Here’s how wire fraud typically happens. A client’s identity or email account is compromised through phishing or malware. Once gaining access to the email account, the fraudster sends a test email to the advisor to see if they can establish a line of communication. At the same time, he will thoroughly search the emails in the account to learn about personal contacts and find key and sensitive information about the client (i.e., birthdates, account numbers, passwords, etc) in order to better communicate with the financial advisor, thereby impersonating the client.
While impersonating the client, the fraudster will make an urgent request to the advisor via email to wire transfer money from the client’s account to a third-party bank account that the fraudster controls. The thief will then immediately withdraw the money, and *poof*, the money is gone.
So who is on the hook for wire fraud losses? Custodians and regulators alike are enforcing that advisors verbally confirm with the client any and all wire transfer requests. If an advisor transfers money out of a client account without verbally validating the request over the phone or in person and without obtaining the necessary signed forms from the client, the advisor will be on the hook for the entire loss.
Financial advisors and their clients should be well aware of some these key warning signs of fraudulent emails:
Bad grammar and punctuation.
Behavioral clues like asking an advisor to pre-fill out a form and send back to them.
Communicating a sense of urgency to force an advisor to forgo safeguards or precautions (i.e., using urgent events like funerals, tragic deaths, business or real estate transactions, or emergency surgery).
Using a pre-existing conversation to indicate old dialogue with you, or using a recognized email address or contact in common.
Attempt to restrict method of contact to email only. Scammer tries to avoid phone calls.
If a phone number is given, it’s an unrecognizable number.
What proactive steps can investors take to avoid falling victim to email hacking and, potentially, wire fraud in the first place? (In no particular order)
Be careful about who you provide access to your email accounts and to your electronic devices.
Make sure that your Internet and home network uses a password and is secure.
Be careful about the websites you access when using unsecured Wi-Fi hotspots at public locations.
Install antivirus and internet security software on your computer.
Don’t open spam emails, emails you don’t recognize, or emails from someone you don’t recognize.
If you accidentally open a “fishy” email, DON’T click on any links or open any attachments. Quickly close and delete the email.
Create and use a “junk” email account. Use this email address when registering at websites you are unsure about, forum or chat room websites, or websites that you are just testing. This will help cut down on the spam email and potential phishing attacks in your more important personal email account.
Turn on extra security features that are offered by your email provider.
Don’t use the same passwords for multiple Internet accounts.
Don’t download movies, songs, or other content from questionable or unofficial websites.
Don’t download apps for your mobile phone from unofficial app stores.
While wire fraud is quickly becoming a way for thieves to reap huge profits, you can help protect yourself by simply using good judgment when surfing the Internet and using email. After all, your identity and your money is at stake.