ATEB Consulting has flagged a spate of scams arising from the hacking of client’s email accounts.
The compliance consultancy’s director Steve Bailey said: “We have been made aware that fraudsters are using the current lack of personal contact to impersonate clients and steal money from investments and pensions.
“In 2014, there was a spate of scams involving fraudsters hacking personal email accounts and impersonating clients to gather information which was then used to encash investments. It looks like they are back!”
The fraudsters hack an individual’s personal email account to identify investments before contacting the IFA by email to request they are cashed in.
A key warning sign, Bailey said, is the fraudsters will request the money to be paid into a new bank account. They will provide evidence of the account’s existence if requested by email.
Another sign is that everything is undertaken by email and if telephone contact is requested a reason will be given by the fraudsters to continue using email instead.
Bailey suggested calling the client in any case where a transfer is requested by email. “If the client request is in fact genuine, we believe clients would appreciate the call if you explain the reason for the telephone contact – you are protecting their savings!”
Bailey said that the firm was aware of significant amounts of money having been scammed using this and similar techniques.
He added: “Look after your client’s assets. It is better to have a suspicion that turns out to be wrong than to unwittingly facilitate your client being scammed.”
Commenting, on the warning, Anthony Rafferty, managing director, Origo, which operates Unipass Mailock, a military-grade encrypted email system, said: “Cybercriminals are becoming ever more adept at intercepting emails (which unencrypted keeps information about as safe as a postcard through the post) and then exploiting them through tricking firms into undertaking fraudulent transactions.
“Advice firms can take preventative measures, such as increasing staff awareness and training and putting in place procedures but it only takes one very good scam or a lapse of concentration to potentially cost a client thousands of pounds in lost investments. Then begins the blame game and the possible reputational damage to a firm too.
“Encrypting emails secures against hacking, enables authentication to ensure the right person is emailing and opening the emails, and provides an audit trail for security and regulatory purposes.
‘Warnings like this reinforce the need for sensible preventative measures, such as encrypting our emails, to become the norm in the industry, in particular when personal and confidential information is being exchanged.”