EMAIL HACKING scams that target investors could lead to funds being stolen from their brokerage accounts through fraudulent wire transfers, according to the US financial industry regulatory authority.
Finra, the largest independent regulator for all securities firms doing business in the US, has received about a dozen reports in the past two months of investors being targeted in email wire transfer schemes, according to Gerri Walsh, Finra’s vice president for investor education.
Here’s how the fraud typically works, according to a Finra alert: hackers first get access to an investor’s email account, which may include messages from financial institutions, including brokerages.
They use information from those messages to email the brokerage firm, from the investor’s address, with instructions to wire funds to a third-party account.
Hackers may also include a forged letter from the investor authorising the transfer, also sent from the investor’s email address
Many brokerages have precautions in place to prevent the fraudulent transfer of funds, such as passwords or requiring a brokerage representative to confirm the transfer by phone. The measures, however, failed in some cases, according to Finra. For example, some brokerages released funds even though they could not verify the emailed request by phone.
Finra has urged investors to notify their brokerages if they suspect their email accounts have been hacked. Investors can look for several tell-tale signs to determine if their email accounts have been hacked, Ms Walsh has said.
Included are emails in a “sent” folder that the account holder did not actually send. Another common sign is hearing from friends that they have been receiving spam from the account.
Finra has also published guidance to brokerages, recommending that they review their policies for accepting customer email requests to withdraw or transfer funds.
The regulator’s concerns follow a warning last week by the FBI and two cyber-crime awareness groups about wire transfers conducted through hacked email accounts.
Proceeds from recent schemes are ultimately being sent to accounts in Malaysia, the FBI and cyber-crime groups said in the warning. – (Reuters)