November 29, 2018 • Karen DeMasters
Advisors and RIAs are prime targets for internet “phishing” schemes, according to Chris Roach, managing director at CBIZ Risk and Advisory Services, a business consulting firm based in Cleveland. When crooks try to get private information by posing as a trusted entity on the internet, that’s phishing, and it is growing worse, Roach said. At first limited to e-mail, it has spread to text messages and Facebook Messenger, as well as telephone calls. Financial advisors and firms, who hold so much private information about clients, are often targets of phishing, he said. “Phishing is often the precursor to larger data breaches,” he added. “It has become so subtle that often the only warning sign is an out-of-place punctuation mark, a grammatical error or a slightly changed e-mail address.” When CBIZ recently audited a financial institution for vulnerability, more than 40 percent of its employees fell for a simulated phishing attempt. “Even when employees catch the attempts, the incidents often go unreported because the employees delete the attempt and move on instead of flagging the message for attention,” Roach said. “Hackers may not even know what they are going to do with the information they are gathering, they just gather it and then see how they can profit off of it,” he added. In some cases, hackers obtain bank e-mail lists and send out solicitations to the addressees. Or an employee of a firm will get an e-mail that looks as if it is coming from a superior at the firm asking him or her to do some kind of financial transaction. The holidays are a particularly bad time for these schemes, but there are steps advisors can take to protect themselves and their clients. For instance, they can check the URL and e-mail addresses on the correspondence they receive carefully and look for any inaccuracies or misspellings, Roach said. Firms should have awareness training for employees about what to look for and what to do if they receive a scam e-mail or text. Employers need to know who to call to investigate bogus messages. First « 1 2 » Next
Advisors and RIAs are prime targets for internet “phishing” schemes, according to Chris Roach, managing director at CBIZ Risk and Advisory Services, a business consulting firm based in Cleveland.
When crooks try to get private information by posing as a trusted entity on the internet, that’s phishing, and it is growing worse, Roach said. At first limited to e-mail, it has spread to text messages and Facebook Messenger, as well as telephone calls.
Financial advisors and firms, who hold so much private information about clients, are often targets of phishing, he said.
“Phishing is often the precursor to larger data breaches,” he added. “It has become so subtle that often the only warning sign is an out-of-place punctuation mark, a grammatical error or a slightly changed e-mail address.”
When CBIZ recently audited a financial institution for vulnerability, more than 40 percent of its employees fell for a simulated phishing attempt. “Even when employees catch the attempts, the incidents often go unreported because the employees delete the attempt and move on instead of flagging the message for attention,” Roach said.
“Hackers may not even know what they are going to do with the information they are gathering, they just gather it and then see how they can profit off of it,” he added.
In some cases, hackers obtain bank e-mail lists and send out solicitations to the addressees. Or an employee of a firm will get an e-mail that looks as if it is coming from a superior at the firm asking him or her to do some kind of financial transaction.
The holidays are a particularly bad time for these schemes, but there are steps advisors can take to protect themselves and their clients.
For instance, they can check the URL and e-mail addresses on the correspondence they receive carefully and look for any inaccuracies or misspellings, Roach said. Firms should have awareness training for employees about what to look for and what to do if they receive a scam e-mail or text. Employers need to know who to call to investigate bogus messages.
Please log back in before proceeding.
There was an error logging in. Please try again.
Congrats! You are now logged in. Your exam is being submitted.