By Allison Bressi, Versant Capital Management Compliance & Administrative Manager
Email-based wire fraud is becoming commonplace in the world today as thieves learn new methodology to steal client money. This is a tactic where fraudsters gain access to a client’s email account and use it to fool his or her investment advisor into moving money to a third party account. In 2012, advisors reported more than one fraudulent wire attempt per day using these methods.[1]
But how? My advisor knows me.
It looks like this.
- A fraudster targets a client with a phishing scheme, impersonating a bank or other institution to gain access to the client’s sensitive data. The client, thinking he or she is on a legitimate website, enters personal information which the fraudster captures. The fraudster also researches client information that is publicly available, such as birthdates, addresses, and phone numbers.
Example 1: Phishing Email. This is an example of what a phishing email might look like – in this case, from Wells Fargo Bank. This email contains typographical errors, a strange style, and requests personal information to verify the account. The link in the email, when hovered over, shows it does not go to Wells Fargo. Beware! If you receive any email like this, you should call your bank.[2]
- The fraudster takes the personal information obtained from these activities and uses it to break in to a client’s email account. Once inside, the fraudster searches client emails to locate financial advisors, banks, and other institutions which have access to client funds.
- The fraudster then studies the client’s writing style. Does the client write formally or informally? Does the client use proper grammar and full sentences, or write in small fragments (as in from a smart phone)?
- Then, armed with account information and client writing style, the fraudster emails the client’s financial advisor and requests a wire be sent to a third party. The advisor on the other end, seeing an email from a recognized email address and written in a familiar style, believes the request to be legitimate and wires the funds.
In a matter of hours, a large sum of client money can disappear into the void and recovery can be difficult.
What is Versant doing to protect me?
Rest assured, Versant has policies and procedures in place to stop email-based fraudulent wire requests from defrauding any of our clients.
- Anytime a wire request is initiated via email, Versant will call you on the phone to speak with you personally about the request and ensure that it is valid.
- If you have set up the added security feature of a verbal password, Versant will require that password be provided verbally before any money may be transferred.
- Versant staff review wire requests at multiple levels to ward off suspicious activity. Often indicators are present with fraudulent requests, such as a sense of urgency, reluctance to speak on the phone, strange cover sheets on faxes, unknown account numbers or contact information, etc.
- Versant reports any suspicious activity on accounts to the client, relevant financial institutions, and regulatory authorities, as applicable.
What can I do to protect myself?
There are a number of things you can do to protect yourself from becoming a victim of this malicious activity.
- Beware of phishing attempts. If it appears your bank or any other institution has contacted you to request personal information online, call your bank to ensure the request is valid.
- Make sure your email account has a strong password. Do not use personal information as part of your password, such as a birthday or anniversary. Do not reuse the same password for multiple accounts.
- Ensure your anti-virus software is up to date.
- Make sure your wireless network at home is password-protected.
- Do not download files from websites you do not trust. Many files may contain malware or viruses which can collect personal information.
- Request a verbal password be placed on file at your financial institutions. This is a word that must be provided to verify your identity before any transactions can be completed.
- If any institution requests personal information via email, do not provide it via email. Rather, call the main bank line at the number listed on the bank website and inquire about the authenticity of the email before providing any information.
- If any of your personal information is compromised (laptop or phone theft, robbery, etc), notify your financial institutions and financial advisor immediately.
Versant is committed to keeping your personal information safe and protecting you from email-based wire fraud at all levels. If you have any questions or concerns about the security on your accounts, please don’t hesitate to reach out to us anytime.
[1] Wire Fraud Is Rising—How Are You Protecting Your Clients and Your Firm? Schwab.com, accessed 2/9/16
[2] https://www01.wellsfargomedia.com/assets/images/informational-graphics/screenshots-thumbnails/personal/nba/fraud_email.jpg
Disclosure: Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Versant Capital Management, Inc.), or any non-investment related content, made reference to directly or indirectly in this newsletter will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this newsletter serves as the receipt of, or as a substitute for, personalized investment advice from Versant Capital Management, Inc. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. Versant Capital Management, Inc. is neither a law firm nor a certified public accounting firm and no portion of the newsletter content should be construed as legal or accounting advice. If you are a Versant Capital Management, Inc. client, please remember to contact Versant Capital Management, Inc., in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services. A copy of the Versant Capital Management, Inc.’s current written disclosure statement discussing our advisory services and fees is available upon request.