I recently received a fraudulent request by email to distribute funds from a client’s account. Here’s a quick description about what happened and how we as a team responded to thwart the theft.
Tricks Used by the Hacker:
- The request came from an email address that we recognized as being from one of our clients.
- He referred to me by my first name and began with well wishes about my family.
- He requested a partial (not total) withdrawal of funds from the account.
- He referred to the custodian of the account, i.e. Schwab.
- He said that after some discussions between him and his wife (referred to by her first name), they decided to sell out of some funds in the account, and he asked for a $30,000 distribution.
- He asked if it would be possible to make this transfer to a third party account.
- He closed by identifying himself by the name of our client.
Our Response as a Team:
- I picked up the phone and called our client regarding the email. He was flabbergasted about the situation, and he quickly recognized that their email account had been hacked. He confirmed that he was not requesting a distribution!
- I called our service team at Charles Schwab to report this situation.
- Schwab placed all of the client’s accounts on high alert.
- Schwab recommended for the client to (a) change the password on his email account, (b) change his password on the Schwab website for his accounts, and (c) add a verbal password as a second layer of account security.
- It was also recommended for the client to contact the Identity Theft Team at Schwab.
- Our client changed all of the passwords for his financial accounts and email account.
- He notified his bank about this security breach.
- He contacted the Identity Theft Team at Schwab.
- He made arrangements for their computer to be cleaned and to have up-to-date antivirus software installed on the computer.
- It took several days for these corrective measures to be executed, and our client experienced some very unwanted distress throughout this process.
- However, we followed our process of calling him directly to verify his intentions about any distribution from his accounts.
Perspective About Our Cybersecurity:
As a firm we have devoted a great deal of time and resources to address our safeguards and processes. We work closely with an IT firm in Omaha regarding our cybersecurity needs, and we are undergoing an intensive process improvement study with a cybersecurity expert from Charles Schwab.
It is a top priority for us as a team to assure that our clients’ assets are secure. You’ve worked very hard and saved and planned for your retirement nest egg. The last thing we want to have happen is for your hard-earned assets to end up in the hands of a thief.
In this incident, there was no direct attack to our systems; we were not internally attacked. The hacking was done externally to use information gained about our clients. One of our processes is to always verbally confirm with our clients regarding distribution of funds. Our processes worked as planned.
This incident is a reminder for all of us to always be on guard against identity theft!
Give us a call at 712-256-4856 with any questions you may have about how we as a team can help you to better protect the security of all of your assets.
[Financial Planning and Investment Management Services offered through Dickinson Investment Advisors, Registered Investment Advisor. Statistics and market information provided by Litman Gregory Advisor Intelligence.]