posttrib
CRACKLING 
Weather Updates

Financial advisers tricked to help steal from clients

A new cyber scam is targeting financial advisers.

A new cyber scam is targeting financial advisers.

storyidforme: 35946833
tmspicid: 13110356
fileheaderid: 6038660

Updated: September 28, 2012 6:20AM



In a new twist, cyber-robbers are using ginned-up email messages in attempts to con financial advisers into wiring cash out of their clients’ online investment accounts.

If the adviser falls for it, a wire transfer gets legitimately executed, and cash flows into a bank account controlled by the thieves — leaving the victim in a dispute with the financial adviser over getting made whole.

Anecdotal evidence of this ruse — directed at financial planners, estate lawyers and other advisers who rely on e-mail and online banking to work with clients — has just begun to surface, say tech security and online banking experts.

“It’s the Willie Sutton principle at work,” says Adam Dolby, an independent banking security consultant. “Robbers go where the money is.”

IDentity Theft 911, a theft-recovery service, is working on a case where a faked e-mail led to a $35,000 transfer into a thief’s account.

“That victim may be looking at a complete loss,” investigator Mark Fullbright says.

In another recent caper, a veteran financial planner was fooled by a Gmail message appearing to arrive from an insurance company executive, says Adam Levin, IDentity Theft 911’s chairman. The email carried instructions to wire $15,850 into an account at PNC Bank, worded in a casual style similar to past emails the financial adviser had received from the executive, Levin says.

Luckily, the financial planner phoned his client to clarify which account to pull the money from. “They determined it was a fraudulent email,” Levin says.

Cybercriminals have discovered that investors now routinely rely on e-mail to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.

Taking over or impersonating someone’s email account likewise isn’t hard to do. “It’s low-tech,” says John Zurawski, a vice president at Authentify, supplier of single-use PIN codes delivered by cellphone text messages. “Instead of managing layers of malicious software, all the bad guys need is email and phone skills.”

This new scam is the latest strain of a long-running crime wave that preys mainly on small and midsize organizations. The banking industry has steadily been making it tougher for hackers to use computer infections to carry out wire transfer fraud against small organizations, says Jon Callas, chief technology officer at authentication firm Entrust.

“The shift to personal advisers and individual wire transfers is an indication that the well is running dry for them with small businesses and small government,” he says.

Gannett News Service



© 2014 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit www.suntimesreprints.com. To order a reprint of this article, click here.