The SEC just took action against a Latvian trader who hacked online brokerage accounts in the United States, costing customers $2 million.
On the same day the SEC announced its complaint, the FINRA issued an alert warning investors to guard against a two-step process where “fraudsters” gain access to their email accounts and then instruct the firms involved to transfer money out of their brokerage accounts.
The alert, called Email Hack Attack? Be Sure to Notify Brokerage Firms and Other Financial Institutions, looks at risks associated with accepting instructions to transmit or withdraw funds via email. The independent regulator of brokers also recommends that firms reassess policies and procedures to make they are adequate to protect customer assets.
"Investors who suspect that their email account has been hacked should immediately notify their brokerage firm and other financial institutions, and anyone who suspects they have been defrauded should file a complaint with FINRA," said Gerri Walsh, FINRA's Vice President for Investor Education.
In a related regulatory notice, FINRA said:
Regulatory Notice 12-05
Verification of Emailed Instructions to Transmit or Withdraw Assets From Customer Accounts
FINRA has received an increasing number of reports of incidents of customer funds stolen as a result of instructions emailed to firms from customer email accounts that have been compromised. These incidents highlight some of the risks associated with accepting instructions to transmit or withdraw funds via email. FINRA recommends that firms reassess their policies and procedures to ensure they are adequate to protect customer assets from such risks. The Federal Bureau of Investigation (FBI), Financial Services Information Sharing and Analysis Center (FS-ISAC) and Internet Crime Complaint Center (I3C) recently released a joint fraud alert describing a similar trend.
Tom Steinert-Threlkeld writes for Securities Technology Monitor.