Staying alert to fraudster red flags
(Note: In the course of advising clients and managing their investments, Landaas & Company professionals encounter criminal attempts to defraud individuals of their money or steal their identity. Landaas & Company invests in hardware, software and training to protect clients’ investments and privacy from fraud. Below is a slightly edited message Kyle Tetting sent to all the staff recently. It is an example of ongoing vigilance.)
Yesterday, I received an email, which appeared to come from a client I regularly correspond with, asking to send some funds to a new bank account.
The request wouldn’t be out of the ordinary, and the syntax was in line with my typical communication with the client. But the request to a bank account I was not aware of was an immediate red flag.
Within two minutes of receiving the email, I contacted the client via telephone to confirm the instructions and left a voicemail message. The next morning, the client called back to ask what was going on. She had no idea her email had been compromised and had definitely not requested the funds.
I bring this up to serve as a reminder that we need to remain vigilant in protecting both our clients’ information and money. A couple of notes from this one:
- The hacker created an email address missing a single letter to mimic the client’s email while hiding the correspondence from our client. The hope was that I’d communicate with the hacker on the new email address and never notice it was slightly different than the one in the system. I did not notice this initially, but it was evident once I already was suspicious.
- The correspondence mirrored my client’s punctuation, nicknames and other details. The hacker had clearly read through prior correspondence to better the chances I’d respond favorably.
A few reminders:
- Confirm all requests via telephone.
- Confirm that new bank instructions match the registration of the client(s) on the account.
- If there is any doubt, discuss your concerns with compliance and make notes in our client relationship management system immediately to alert your colleagues.
I’m happy to report my client is updating passwords and that we were able to help her see an issue she didn’t know existed.
- Be sure you know who’s really sending an email.
- Scrutinize links in email.
- Beware of attachments.
- Know who you’re sending email to.
- Don’t send sensitive information through email.
Wake-up call: Protect against cyberfraud, by Joel Dresang
Don’t let ID thieves get your money too, by Joel Dresang
Frauds and scams, from the Consumer Financial Protection Bureau
Identity Theft and Online Security, from the Federal Trade Commission
(initially posted Dec. 29, 2022)