The Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, has issued an investor alert and a regulatory notice about an increase in financially motivated attacks, targeting the email accounts used by investors to initiate transactions. Similar warnings were recently issued by the FBI and the Financial Services Information Sharing and Analysis Center (FS-ISAC).
“FINRA has received an increasing number of reports of incidents of customer funds stolen as a result of instructions emailed to firms from customer email accounts that have been compromised. These incidents highlight some of the risks associated with accepting instructions to transmit or withdraw funds via email,” an overview of the regulatory notice explains.
At present, the common trend is to compromise an investors email account, and from the SENT folder, obtain the information needed to request wire transfers to accounts overseas. To add weight to the scam, the hijacked accounts are also used to send authorization letters to the brokerage firms, approving the illegal transfer.
According to the FBI, the transactions often transfer funds to Australia, before being forwarded to banks in Malaysia. As of December 2011, the attempted fraud amounts total approximately $23 million; the actual victim losses are approximately $6 million.
“In some instances, firms have released funds after unsuccessfully attempting to verify emailed instructions by phone. In at least one case, the fraudulent email stressed the urgency of the requested transfer, pressuring the brokerage firm to release the funds before verifying the authenticity of the emailed instructions,” the FINRA admonishes.
If you suspect that your account may be compromised, the first things to look for are reports of spam from people in your contacts folder, or a slew of bounced email messages from people you don’t know, the FINRA said.
“You might find that your password or other account settings have been changed – or that your email provider has blocked you from accessing your account.”
Monitoring your brokerage accounts for unauthorized transactions is another level of protection, but in all honesty it might do you little good if the firm falls for 419 scams or sends the money anyway, even if verification fails.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
