Cyber Security
Face it, folks: there are many people from many countries who want your money and/or your information. These same people have all of the time in the world to become very talented at hacking into your computer.
We pay for varying services to protect us. And the hackers spend their time working around the firewalls, spyware, malware and other pieces of software designed to protect our information and our money.
Recently I received an email from a longtime customer. The email came from his usual email address, therefore nothing seemed suspicious. He requested an IRA distribution form. This client is in his seventies and the request was not out of the ordinary. I sent a blank IRA distribution form and it was returned promptly. The form had his account number, address, and Social Security number.
The first red flag was that the distribution request was substantially more than what he had in his IRA. The second red flag was that the funds were to be wired to a bank in Virginia. My client lives in Texas. I promptly called my client and he carefully explained that he had not sent any emails nor any IRA distribution requests to me.
I contacted my I.T. company to have them check out my server and my system to be sure we were not compromised on our end. I also contacted my consultant, for compliance purposes since we are a broker-dealer, to make sure I took appropriate steps to document and contact the proper authorities.
We do have a written Cyber Security policy for our firm. I quickly thumbed through it and proceeded to file a report with the F.B.I. There is an online portal for such purposes.
Later that evening my I.T. company determined that our computer system had not been hacked, and that my client’s email must have been hacked. Unfortunate for my client. Very relieving for me.
If our firm’s system is ever hacked, we must notify all of our clients of the breach. That would be devastating for our firm. I am sure you will agree security is of great importance when one is entrusting us with their investments.
The following day I contacted one of my banking friends to find out what department of the bank I should call. I wanted to make contact with the bank that was to receive the wire. He told me the B.S.A. Compliance Department or Fraud Department. B.S.A. stands for the Bank Secrecy Act.
I did contact the bank and gave them the account number so they would
know fraudulent activity was being operated through the account.
I could have contacted the local police, but after reading the website I
determined the online report forms did not fit the occurrence and would create
more questions than answers.
I also followed up with my client a number of times and he had his I.T. firm work on his end. And at the end of the day we stopped the potential theft from ever happening.
A different occurrence.
A couple of years ago another client told me of an attempt at his firm. The hackers had to have been observing and reading the firm’s emails for quite some time. This attack was very well thought out. The hackers knew the names of the correct executives and their job functions and the employees in accounts payable.
One day a request for a wire of funds was sent to an employee in accounts payable. The wire request was in excess of $300,000. The amount was a little high but not completely out of the ordinary for this firm.
The employee was one keystroke from sending the wire and decided to ask the controller of the firm if it was legitimate. My client, the controller, looked into the request further. He made a phone call or two and verified the request was not valid.
They dodged a large bullet that day.
Thereafter, the firm has instituted more layers of review before wires
of such size are sent out.
Procedures, procedures, procedures.
After my client’s and my scare last week, we are instituting additional layers of procedures as well. We cannot be careful enough. There are many people out there who want our money and our information.
Be careful out there.