Security Experts:

Investors Warned of Financially Motivated Email-based Attacks and Account Hijacking

The Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, has issued an investor alert and a regulatory notice about an increase in financially motivated attacks, targeting the email accounts used by investors to initiate transactions. Similar warnings were recently issued by the FBI and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

“FINRA has received an increasing number of reports of incidents of customer funds stolen as a result of instructions emailed to firms from customer email accounts that have been compromised. These incidents highlight some of the risks associated with accepting instructions to transmit or withdraw funds via email,” an overview of the regulatory notice explains.

At present, the common trend is to compromise an investors email account, and from the SENT folder, obtain the information needed to request wire transfers to accounts overseas. To add weight to the scam, the hijacked accounts are also used to send authorization letters to the brokerage firms, approving the illegal transfer.

According to the FBI, the transactions often transfer funds to Australia, before being forwarded to banks in Malaysia. As of December 2011, the attempted fraud amounts total approximately $23 million; the actual victim losses are approximately $6 million.

“In some instances, firms have released funds after unsuccessfully attempting to verify emailed instructions by phone. In at least one case, the fraudulent email stressed the urgency of the requested transfer, pressuring the brokerage firm to release the funds before verifying the authenticity of the emailed instructions,” the FINRA admonishes.

If you suspect that your account may be compromised, the first things to look for are reports of spam from people in your contacts folder, or a slew of bounced email messages from people you don’t know, the FINRA said.

“You might find that your password or other account settings have been changed - or that your email provider has blocked you from accessing your account.”

Monitoring your brokerage accounts for unauthorized transactions is another level of protection, but in all honesty it might do you little good if the firm falls for 419 scams or sends the money anyway, even if verification fails.

Subscribe to the SecurityWeek Email Briefing
view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.
view counter