Hack Attack: An Experience with a Cyber ThiefSubmitted by Stone House Investment Management, LLC on February 12th, 2018
As financial advisors, we are continually seeking ways to keep information safe online. As identity theft and fraud are becoming increasingly more common, we all have to be more diligent to protect our identities and assets. A recent experience that impacted one of our clients illustrates a real-world example of identity theft and how we were able to protect our client from the scammer.
It was a Friday afternoon when a client emailed their Stone House advisor inquiring about one of their investment accounts. In this well-written email that contained details only the client should have known about his finances, he explained that he wasn’t feeling well. This email didn’t seem too far out of the ordinary, but something seemed odd about this request.
To confirm the details contained in the email, we reached out directly to the client via text message about his request. Quickly, the client responded with, “I didn’t send you anything”. That’s when it all made sense. This was a classic scam – one that we’ve talked about in our office and for which we have had specific training. We called the client to discuss what was happening. While on the phone, we received an email back from the scammer asking us to proceed with getting the funds around and they would send over the transfer information. It was even signed using a nickname of the client, as the fraudster wanted to keep it sounding quite personal.
In conversation with the real client via phone, we discovered that the scammer had hacked the client's personal email account and set up a filter to hide the emails sent to the client from financial institutions. This was done so that the scammer could communicate with us from the client’s email without the client knowing.
Once we alerted the client to the scam, he deleted these filtering rules and changed his email password. We advised him to be extra diligent and look for any other evidence of fraud since the scammer was able to hack his personal email account and see all of his emails. The client already has a credit monitoring service in place, which is a recommended precaution to aid in preventing cyber thieves from using your credit cards and opening new lines of credit.
This quick story demonstrates the importance of internet security and ensuring your passwords are complex and kept safe. We don’t know how this hacker obtained the client's personal email password but they had full access to the client’s email account, which contained confidential details about their financial information, connection to Stone House and other financial institutions, as well as personal information about the client that could be used by a scam artist.
We have policies in place to recognize and try to prevent fraud like this from happening to our clients. We scrutinize distribution requests and take extra measures to verify the client’s identity if a client requests money be sent to someone other than themselves. It is just one example of the lengths that we go to keep our clients’ money protected.
Are you concerned about identity theft?
Contact us to schedule a complimentary review of your accounts.