Email is Great…Until it is a FraudFebruary 2012 – Alerts Securities Industry Practice Alert
FINRA recently put brokerage firms on notice of a new email scam involving requests for the withdrawal or transfer of funds. This latest scam should put all broker-dealers on notice to review your policies and procedures governing withdrawal or transfer requests to third-party accounts, particularly if they allow such requests to be made through email.
Such policies and procedures, FINRA suggests, should be geared toward ensuring that the email actually originates with a client and toward responding to red flags. These red flags include, among other things, requests that are out of the norm for the client in question, requests that funds be transferred to an unfamiliar third-party account, requests of an urgent nature or those designed to deter verification of the transfer instructions.
Considering the depth and skill of hackers, you cannot necessarily trust that a reply email to confirm the instruction is actually going to the client, as opposed to a hacker.
It seems to me that the best approach, short of barring acceptance of email requests, would be to use some old-fashioned technology — the telephone. All too often we tend to stand behind emails because it is such an easy thing to employ. Yet, faced with this new area of fraud, a simple confirmatory call to a client will go a long way to ensuring the viability of the request.
If the request is not valid, think of how happy the client will be that you thought enough to call. In other words, some simple client service could go a long way to protecting you and your clients.