Advisors beware: Top tricks of fraudsters

Security experts say the sophistication level of hackers and scam artists grows daily.

Now, for instance, when those phishing expedition emails arrive appearing to bear the return address of a client, and asking an advisor to click on a link, the fraudster may have the technology to return what looks like authentication if the advisor does reply to authenticate.

Of course advisors should never, ever click on such a link, even if they receive a telephone call confirming its authenticity, experts say. But as fraudsters become more sophisticated, screening for scams can be difficult.

'PICK UP THE PHONE'

Steve Ryder concedes that some emails have tempted even him. The CEO of the Keene, New Hampshire-based True North Networks, a company that provides IT solutions, recently told an audience of advisors that he has received emails purportedly from clients that seem so legitimate he barely stopped short of clicking on the rogue link included. But before doing so he called the client and discovered the ruse.

A voice-confirmation on the telephone, however, does not provide any guarantees, particularly if the call is incoming. Advisors offer horrifying tales of when clients have received emails, followed up by telephone calls with hard-to-hear connections from alleged nephews or nieces.

A client called her with just such a scenario including a yarn about a nephew being stranded in Mexico and needing money to get out of jail, recalls Cheryl Holland, the owner of Columbia, S.C. -based Abacus Planning Group. “You’ve got to pick up the phone and call the nephew’s parents,” Holland told her client. When the client did, she found out her nephew was in the United States, no further South, and furthermore, did not need money.

PREPARED FOR A BREACH

Inevitably, an intern will click on a rogue link, Joseph Birkofer expects. But the partner at Legacy Asset Management in Houston has taken steps to limit any damage stemming from such slips. His firm keeps all its data on the cloud rather than any network.

What does that mean? When an intern or someone else inadvertently clicks on a rogue link, “they blow up only their one computer,” Birkofer says. The episode may lead to a $400 expense to make the fix, but the firm has “not been totally breached, with everything affected,” he says.

When stories about JP Morgan Chase’s system getting breached dominate the headlines, Birkofer believes financial advisory firms have to be realistic. “I assume there will be a data breach; we focus on being prepared,” he says.

Miriam Rozen, a Financial Planning contributing writer, is a staff reporter at Texas Lawyer in Dallas.