Online, en garde
By Joel Dresang
Federal authorities have reported a spike in cases of investors losing money through compromised email accounts.
A joint alert from the FBI, the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center says criminals attempted to transfer $23 million in total from investor accounts at various financial institutions through the end of 2011.
Those agencies, along with the Financial Industry Regulatory Authority, are warning individuals to protect their financial security online.
“Clients have called and said, ‘I think I’ve had my email hacked,’” said Jean Baley, senior vice president and chief compliance officer at Landaas & Company. “We always reassure them, ‘We can’t send you money without us talking to you. We confirm it with you.’”
To Landaas & Company clients:
If you wish to make transactions in your accounts, please talk directly to your advisor or one of our associates. That way, you can make sure we receive your order, and we can authenticate the request. Call 414-223-1099 or 800-236-1096.
For urgent matters, call during trading hours of the New York Stock Exchange, which usually are 8:30 a.m. to 3 p.m. Central time, Monday through Friday. Requests after 3 p.m. Central will be executed the next trading day.
Please click here for hours and holidays for the New York Stock Exchange.
Authenticating requests for funds is one of many routine precautions at Landaas & Company, Jean says.
“We do not want to honor something that is not correct,” Jean says.
Federal investigators say so far Americans have lost about $6 million through phony email requests. Individual accounts have been tapped for amounts ranging from $17,500 to $183,000.
The cases involve criminals using email accounts to pose as clients and then requesting withdrawals at banks, credit unions and securities brokers and dealers.
How did the criminals hack into email accounts and get information to pose as clients? Among authorities’ suspicions:
- Dumpster diving – retrieving improperly disposed financial records from your trash
- malicious software, or malware, that gets installed on your computer without your consent and can monitor and control your online activity
- phishing, where identity thieves ape legitimate organizations online to trick you into responding to email, texts or pop-up messages asking for your personal information
To defend against such fraud, Landaas & Company has put safeguards in place and updates them frequently to protect clients’ accounts, Jean Baley says.
For instance, through her regular check of email communications at the firm, Jean says, she spotted a request that roused her suspicion. For one thing, she recognized the client whose name was on the message as someone who usually calls.
“This was not like him,” Jean recalls. “It didn’t seem right. There were several misspellings, and he doesn’t usually do that.” To be sure, she phoned the client, who said he knew nothing of the email request.
Precautions also exist through Pershing, the firm through which Landaas & Company provides clients some online access to account information. For instance, Pershing denies access to an account after three failures to log in. Clients need to speak with an associate at Landaas & Company to restore access. What may be an inconvenience for an account holder is meant as a deterrent to potential crooks.
As vigilant as financial institutions can be, clients also play a powerful hand in protecting themselves from online larceny. Some steps you can take:
- Protect your identity. Don’t use your Social Security number as a password or username. File your printed account statements and other financial records in a safe place, and shred them before you discard them. Create unobvious passwords that combine letters, numbers and symbols. Don’t store them on your computer.
- Be on guard. Comb through account statements as soon as you receive them, and scrutinize any transactions you don’t readily recall. Download only from sources you trust, and be skeptical of free programs. Don’t respond to online requests for personal information. When in doubt, call your financial institution at a telephone number you find independent of any electronic message.
- Secure your connections. Confine online transactions to your own computer, and don’t make them using wireless Internet connections in public places. Maintain updated security software including anti-virus, anti-spam and spyware detection components. Check that the financial websites you use are secure, and be sure to log out of them when you’re done.
- Learn more. Click the links to these organizations for more details and tips – the Financial Industry Regulatory Authority; the Securities and Exchange Commission; the Federal Trade Commission.
Joel Dresang is vice president of communications at Landaas & Company.
(initially posted Feb. 20, 2012)