BOSTON -- How do advisors know if their secure databases have been hacked? That’s easy.

“There are two kinds of firms out there. Those who have been hacked and those that just don’t know it yet,” said Greg Ruppert, a former FBI agent who's now vice president at Schwab’s Financial Crimes Investigations unit, speaking at the firm’s annual Impact conference.

Criminals have become much more sophisticated in their attacks on financial services firms, Ruppert said. Gone are the days when clients and advisors could quickly recognize fraudulent phishing requests for account information because of their poor grammar. Instead, cybercriminals are breaking into firm’s servers and lurking for weeks, even months. They harvest account numbers and other customer information, then either send realistic-looking emails or call advisors directly to request wire transfers or stock transactions “The mantra of the day is patience,” said Clyde Langley, also a former FBI agent and now a vice president of Schwab’s fraud prevention and investigations unit. “Criminals are sitting in compromised accounts, watching traffic and seeing what you and your clients are talking about.” If emailing, they will even attach an invoice to make it more believable, Langley said.

Information provided by Charles Schwab.


To stymie the increasingly sophisticated hacks, there are several must-dos, according to the Schwab team.

The most uncomfortable one? “Educate your clients,” said Michelle Thetford, vice president for advisor services and client strategic solutions at Schwab. “Don’t leave them out of the act.” It’s awkward since many clients expect advisors to take charge of all security and may not want to be bothered, Thetford acknowledged, “But you need them to be proactively engaged in safeguarding their money.”

Telling clients how the firm will handle cybercrime — and who is liable — after a fraudulent transaction is key. Unlike what happens after most sham credit card charges, counterfeit financial service deals are not refunded automatically. First, it must be determined if the security breach was the fault of the client, the bank or the advisory firm. Only then can the transaction be potentially reimbursed or reversed.

"Be especially wary of all phone calls that request an emergency transfer of funds. Try to arrange a video call if possible," Thetford suggested. "The more verification hurdles [criminals] have to cross, the more they will give up and move on,” she said.

Whenever you get an email from a client saying they are travelling, “you should immediately treat that as high risk,” Thetford warned. “Ninety percent of these situations are fraud.”

Be extremely cautious of wire requests for real estate transactions, said Thetford, calling these the “latest scheme and 50% of all the successful frauds we are seeing.”

In this ruse, hackers have monitored client emails between real estate agents and financial firms, and even captured copies of real estate documents. They use these actual discussions as an excuse to ask an advisor for a wire service fund transfer to a particular account. “You get an email saying the closing date is tomorrow, please wire $1 million, here are the wire instructions,” she said.

The only protection? Verify all transfer requests with the client personally, she said.

Read more: