The Securities and Exchange Commission just took action against a trader in Latvia that hacked online brokerage accounts in the United States, costing customers $2 million.
On the same day the SEC announced its complaint, the Financial Industry Regulatory Authority issued an alert warning investors to guard against a two-step process where “fraudsters” gain access to their email accounts and then instruct the firms involved to transfer money out of their brokerage accounts.
The alert, called "Email Hack Attack? Be Sure to Notify Brokerage Firms and Other Financial Institutions," looks at risks associated with accepting instructions to transmit or withdraw funds via email. The independent regulator of brokers also recommends that firms reassess policies and procedures to make they are adequate to protect customer assets.
“Investors who suspect that their email account has been hacked should immediately notify their brokerage firm and other financial institutions, and anyone who suspects they have been defrauded should file a complaint with FINRA,” said Gerri Walsh, FINRA’s Vice President for Investor Education.
FINRA issued a notice stating that the regulator has received an increasing number of reports of incidents of customer funds stolen as a result of instructions emailed to firms from customer email accounts that have been compromised. These incidents highlight some of the risks associated with accepting instructions to transmit or withdraw funds via email. FINRA recommends that firms reassess their policies and procedures to ensure they are adequate to protect customer assets from such risks. The FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and Internet Crime Complaint Center (I3C) recently released a joint fraud alert describing a similar trend.