Phishing is the attempt to impersonate a trustworthy source to fraudulently obtain sensitive information such as your username, password, Social Security number, credit card information, and account numbers. Email phishing schemes involve a phony email that's cleverly disguised to look exactly like a message from a trusted source -- be it a friend, associate, or even your financial institution -- in order to obtain sensitive data from you.
Image source: Getty images.
This scam has traditionally targeted individuals, but in a new twist on an old scheme, fraudsters are now targeting financial institutions. One of the most popular targets of this new scam is brokerages.
How the scheme works
Criminals are now hacking into people's personal email accounts and going through their archives to gather intelligence on the account's owner. If the victim has a brokerage account, they will email the broker a message such as:
The thief will address your broker by name and keep it as short as possible in order to minimize their opportunities to give themselves away. While a medical emergency is not always given as a reason for the transfer, the excuse will sound urgent, giving the targeted broker the sense that time is of the essence.
Because the crooks gather intelligence through your email account, they will often incorporate a real-life event into the email to make the reason for the money transfer sound even more plausible. For instance, if your niece really is sick, then the above example is something they would likely use. On the other hand, if the email account's owner is a business owner or landlord, then the scammer might claim to need the money fast because of a once-in-a-lifetime business opportunity.
Why the scheme works
Unfortunately, once the broker receives this phony request, the system can break down. Brokerages are regulated by the Financial Industry Regulatory Authority. FINRA has recognized this potential weakness in the system for a long time and, as early as 2012, sent out a regulatory notice requiring brokerages to review their specific procedures for wire transfer requests received via email. This alert stated:
FINRA advised that it is imperative brokerages do two things to ensure they do not play an unwitting role in this scheme: 1) verify that the email was sent by the customer and 2) identify and respond to red flags, including unusual requests and unfamiliar third-party accounts that the money is being sent to. The alert specifically says that requests that indicate a sense of urgency should be flagged as potentially fraudulent because, by their very nature, they tend to "deter verification of the transfer instructions."
Unfortunately, this scheme is still far too successful and has only become more widespread since this alert, and subsequent ones, have been issued. That's because, all too often, the brokerage does not follow the rules and wires the money with no verification from the account holder.
Why aren't the rules followed? At the end of the day, brokers are still human and are subject to the same emotional tendencies as the rest of us. In my experience working these cases as an economic crimes detective, most brokers simply said they skirted the rules for the convenience of their client.
What you can do
While FINRA has the authority to fine and suspend brokers for not following regulations, very few consumer protection laws are in place for this type of fraud. In my experience, most brokerages will refund a victim's money because they don't want to lose face in the industry. But that doesn't mean that they're required to repay customers or that it will be easy to get it back. Therefore you must take proactive steps for your own protection.
- Ensure that all your personal information on file with your broker is up to date and correct. If your old cellphone number is still on file, then your broker can't reach you to verify that you sent an email requesting a money transfer.
- If you have a personal relationship with your brokerage, call them and let them know you want to be personally contacted before money is ever wired out of your account.
- Call your brokerage and ask what their policies are for acting on a money transfer request. Make them be specific. Don't let them get away by brushing off your concerns and saying something like, "That could never happen here." Ask them for their specific policies that safeguard your money. If you're not satisfied, consider another brokerage.
At the end of the day, this is your money. You need to be satisfied with how well it is being protected. Don't give thieves the chance to steal the fruit of your life's labor just because you didn't take a few minutes out of your day to talk to your brokerage about how safe your money is.
10 stocks we like better thanWal-MartWhen investing geniuses David and TomGardner have a stock tip, it can pay to listen. After all, the newsletter theyhave run for over a decade, the Motley Fool Stock Advisor, has tripled the market.*
David and Tomjust revealed what they believe are theten best stocksfor investors to buy right now... and Wal-Mart wasn't one of them! That's right -- theythink these 10 stocks are even better buys.
Click hereto learn about these picks!
*StockAdvisor returns as of December 12, 2016The author(s) may have a position in any stocks mentioned.
The Motley Fool has a disclosure policy.