To hackers and identity thieves, few things could be more enticing than cracking open a business. From corporations to small businesses, there’s the potential to gain access to the personal information of hundreds, thousands or even millions of customers in a single hack. Financial advisory practices are particularly alluring targets because they handle so much money, and because of appeal, “spoofing” is striking the industry hard.
Spoofing is the buzzword that’s used when a hacker or thief impersonates a financial adviser’s client and requests transfers, or the disclosure of sensitive information. One common method used by thieves is hacking into a client’s email account and then sending emails to the advisory practice, asking funds to be transferred to certain accounts. The savviest of these criminals can also find out ways to get into a client’s mobile phone account, set up call forwarding and then impersonate the client in case the adviser calls to confirm the requested transaction.
Financial advisers have to put in place certain security procedures to prevent spoofing from happening. While it’s not an extremely common occurrence, clients should make sure they understand how their adviser handles sensitive information.
“Good procedures can circumvent this,” says Linda Leitz, Chair Elect of the National Association of Personal Financial Advisors. “Also, many financial advisers don’t take custody of investment assets.”
For consumers working with financial advisors, asking questions about security isn’t just important anymore – it’s essential. Here are a few things to ask:
- Does the firm have a company-wide policy when it comes to verifying clients’ identities? What are the details of the policy? Is it single- or multiple-layer?
- Are options like video chat available for requesting major transactions or other client-initiated actions?
- Does the firm have a plan of action in case spoofing or other hacking occurs?
Protecting against identity theft is often an individual’s responsibility, but companies that deal with sensitive information also have an obligation to protect clients’ assets and interests.