Submitted by Karen Heintz - Professional Issues Committee Member
It was not that long ago that we laughed about the fraudster emails we would get that used obviously incorrect grammar and asked us if we could help their client open an account and bring $10 million in diamonds to the U.S. with a hefty fee for us. We don't see those anymore because the fraudsters have gotten smarter.
A fraudster emailed an advisor, from what appeared to be the exact correct email address of a client, with new wire instructions to wire a modest several thousand dollars because the client was abroad and needed cash. The client actually had been traveling abroad. The advisor forwarded the request to her assistant. The assistant replied to the client's actual real email address requiring a phone conversation with the client prior to sending a wire to a bank that was not set up on the client's account. The email string went back and forth a few times between the fraudster, the assistant and the advisor, with excuses why the client could not have a phone conversation, before they became suspicious that they may not be communicating with their actual client. A phone call to the client's cell phone confirmed that it was not the client making the request for money to be wired. Internal procedures being followed precisely saved several thousand dollars from being sent to a fraudster.
Similarly, in another city, a fraudster sent an email to an advisor, again from what was the actual real client email address. The client requested a third party wire to pay for an antique car they were buying from an online car dealer. The client had told the advisor he was looking at antique cars and had emailed the advisor some photos. The advisor told his assistant to wire the money and she said she could not do a third party wire without speaking to the client. The advisor was annoyed because he didn't want to bother the client and it seemed like poor client service. The assistant remained steadfast and when she called the client she learned that the client had not sent the email requesting money. Again, following internal procedures precisely saved thousands of dollars from being sent to a fraudster.
The smarter fraudsters are hacking into client's email systems, learning where they are traveling or what they are buying, finding the advisor's email address and trying to steal the client's money. No poor grammar or odd sounding phrases. Instead these emails from fraudsters sound just like the client they are pretending to be. No outrageous dollar amounts that would make anyone immediately suspicious. Instead, these are typical client requests. To stay ahead of the fraudster, advisors and staff have to make sure they talk with their clients and do not take direction or orders from clients via email.
In both situations, the clients were very glad to get the call to double check the requests. The clients were extremely concerned about how and who had hacked their email and they immediately notified their email provider. Advisors and staff were reminded why they follow internal procedures religiously.