A recent investor alert about email hacking issued by financial industry watchdog FINRA (Financial Industry Regulatory Authority) reminded us that scams can come from almost any direction at any time, and we thought we should do our part to help get the word out about the latest in investor fraud and criminal activity. At The Green Firm, we generally focus our attention on the ways in which crooked brokers and irresponsible brokerage firms get over on their unwitting clients. But if you're an investor, you should always keep in mind that threats to your investments and your financial security often come from that most insidious, complex, and anonymous of sources: the internet.
According to FINRA's alert, they have recently been receiving an increasing number of reports of investor email accounts being hacked and those compromised accounts being used to send instructions to brokerages regarding the transfer or withdrawal of funds. Basically, what happens is, once a hacker has broken into your email, they search your contacts and/or sent email; they find your broker or brokerage's email address; and then they email a request for your money to be wired out of your account to a third-party account, often overseas. And poof! Your money disappears.
FINRA isn't the only agency getting the word out on this. Apparently it's happening often enough for the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (I3C) to be issuing warnings of their own.
If you're unfortunate enough to have your email account hacked, there are some telltale signs that will help you act quickly and do damage control before your money vanishes. First, you'll probably get messages or notifications from friends that your account has been sending Spam messages. Second, you may see a sudden influx of "bounced" email messages in your inbox, as the hacker or hacker's program sends out a flurry of random emails, often to contacts with invalid addresses. Finally, you may find you can no longer access your own email account because the password has been changed.
Now, here's what you do if you notice any of those things we just mentioned:
1) Notify your broker and brokerage firm immediately that your account may have been hacked.
2) Notify your bank and credit card holders of possible fraud activity.
3) Check your online statement for unauthorized activity.
4) Change all your usernames and passwords on all your email accounts and online investment accounts.
Hopefully, if you act fast enough, the fraudsters won't get very far with their scamming. Once you've done all of the above, you may as well also notify the security agencies so that they can help prevent others from fallen victim to the same scams and crooks.