This is one in a series of ongoing Under the Hood articles that provides insight into common issues faced by advisors and their clients.
Cyber-crime, once reserved for Hollywood thrillers, has now found its way to Main Street, and a number of identity theft organizations have emerged offering protection against this crime. Armed with new methods, though, cyber-criminals are scamming unsuspecting individuals out of billions of dollars annually before disappearing with barely a trace.
Ironically, in the past we worried about a thief stealing our material possessions. Today, we live in a world where criminals are stealing our identity. In fact, according to the Internet Crime Report 2012 from the U.S. Justice Dept., total losses attributed to identity theft in 2012 were $24.6 billion, compared to $13.9 billion for all property crimes. In addition, over 90% of identity theft victims didn't report the crime to police, for various reasons. The number of victims has risen from 10.2 million in 2010 to over 13 million in 2013.
Financial advisors are increasingly targeted by identity thieves. Therefore, it's more important than ever that advisors protect their clients' assets and information. There are many reasons for this, not the least of which is the fact that FINRA and the SEC are cracking down on advisors who lack adequate cyber-security policies.
How One of My Clients Was Threatened
One of my clients was a near victim of cyber-crime recently.
A few months ago I received an email from a retired client asking me to transfer $15,000 from her retirement account. The sender's email address matched the client's so it seemed like a legitimate request. However, when this client has needed money from her account in the past, she would call. Although this was a relatively minor deviation in behavior, it was enough for me to call her.
When I did, I discovered she did not send the email. How could this happen? Obviously, someone had hacked her email account. How? The night prior to the email requesting the money, she received what appeared to be an email from her spouse and clicked on a link inside. That's all it took. At this point it was Hacker 1; Client 0.
How does this type of breach occur? According to computer expert Jason Blevins of Baton Rouge, Louisiana-based Compu-Tech of LA, when the client clicked on the link, her computer likely downloaded a sophisticated spyware program (known as a keystroke logger) which recorded her keystrokes. This would have allowed the hacker to get her password(s) and access her email account. Then, the hacker could have established any number of rules on her email account, including one to redirect email replies from selected sources to the hacker rather than the client.
In essence, the client would have been completely unaware that a problem even existed. However, if this is the case and the hacker uploaded such a program to her computer, simply changing her email address and password would not correct the problem. According to Blevins, your garden-variety malware-removal programs are probably not sufficient to identify and remove such sophisticated spyware. So the client took her computer to a professional to have the software removed.
Telemarketing Fraud
If you receive a phone call notifying you that you've won a free vacation or some other gift, be wary. Especially if you are asked to pay the return postage or some other charge upfront. Never give personal information or money to someone you do not know personally. In this type of fraud you may hear comments such as: "You must act now or the offer won't be good!" or "You can't afford to miss this high-profit, no-risk offer!"
Even though such a phone call may cause suspicion, some individuals will go along with it anyway, only to find out later that it was a scam. Why would anyone proceed if they were suspicious? After all, "If it sounds too good to be true it probably is." While we've all heard this saying, there may still be times when the prospect of receiving something for nothing will overrides our better judgment and causes us to make a poor decision. The desire to receive something for free can be a powerful enticement and identity thieves understand this very basic human desire.
Perhaps the best step we can take to combat this crime is to spread the news, revealing the tricks of the trade and the tactics of these criminals. However, the first step is to educate yourself. The FBI website has some great information on how to identify and protect yourself from fraud.
Additional Tips for Avoiding Identity Theft
Here are a few additional tips to help you avoid identity theft.
1) Never click on a link in an email, text, or other communication when the only thing in the body of the message is the link. It's a good practice to contact the person who sent it to verify its authenticity.
2) Don't let (snail) mail remain in your mailbox for long.
