Dickinson Investment Advisors and Charles Schwab & Co., Inc. (“Schwab”) are serious about protecting our client’s money from fraud.
Imagine this scenario: One day I come into the office and receive an innocent enough looking email from you requesting a distribution of money from your account. The email says that the matter is urgent – you are closing on a vacation property this afternoon, and you need the funds sent to your bank account. Everyone knows that we are supposed to get authorization before moving money to a client, and everything seems to be in order.
But the next thing we know the money is transferred by wire to your bank account, and a thief has removed it. Unbeknownst to us, your email, passwords and contact information had been compromised.
Over the past several months, advisors and their clients have increasingly been targeted by scammers seeking to use email to commit wire fraud. Both the FBI and FINRA have issued alerts identifying investment advisors as one of the groups being consistently targeted for attempted fraud.
As an industry leader, Charles Schwab & Co., Inc. (“Schwab”) is taking action to combat this threat. Schwab wants to help protect advisors and their clients from fraudulent wire requests. A combination of tactics, best practices, and advisors’ extensive knowledge of their clients are vital for avoiding losses from this type of attack.
We are aware of the risk and have engaged in special training to protect our clients. One of the most important steps we are implementing is not accepting emails as authorization for money distributions. We have to talk to you personally before we will distribute funds. As a small company, we know our clients’ voices on the phone. We are familiar with their habits and typical actions regarding their accounts. Most fraud can be averted by being familiar with each other.
Charles Schwab & Co., Inc. (“Schwab”) has provided the following guidance for us to use to protect our clients and our firm against wire fraud:
Step 1: Understand how email-based wire fraud works.
Typically, email-based wire fraud occurs when an unauthorized individual gains access to a client’s email account. Once the account has been compromised, the fraudster finds the advisor’s contact information and starts a conversation, ultimately requesting third party wired funds. The fraudsters sometime even have the ability to produce a letter or authorization for this unauthorized wire request.
Any wire transfer sent without verbal confirmation with your client is a wire transfer at risk. Always verbally confirm wire transfers over the phone, or in person, with your clients.
Step 2: Know the warning signs of a fraudulent email request.
While each attempted fraud is unique, many share certain traits. Be on the lookout for:
- “Rush” requests. Often, fraudulent requests insist that the funds transfer must happen as quickly as possible, due to some sort of emergency or purchase.
- Unavailable by phone. In order to avoid having the fraud discovered, these requests may note that the “client” cannot be immediately reached by phone to confirm the request, but can do so at a later date.
- Odd wording. Many fraudulent requests include uncommon phrases, grammatical errors, incorrect punctuation, spacing and/or capitalization.
Step 3: Learn what Charles Schwab & Co., Inc. (“Schwab”) and the financial industry recommend for combating email-based wire fraud.
- Ensure your firm has up-to-date policies regarding email-based wire requests, and that every firm member is aware of these policies.
- Require verbal confirmation of every single email-based trading or money movement request through a phone call to the client.
- When speaking with your client, make sure the voice and behavior are in line with the voice and behavior of your client.
- Require that more than one person in your office review all wire requests before they are sent for processing.
- Notify your service team at Charles Schwab & Co., Inc. (“Schwab”) if you suspect any fraud or fraud attempts.
Step 4: Understand phishing attacks.
One of the most dangerous security threats both you and your clients face is the phishing attack, in which criminals impersonate trusted institutions (established companies, government agencies, etc.) in an attempt to gain access to sensitive data.
- Ensure that everyone in your office is aware of these schemes and knows how to avoid them.
- Review past articles to learn more about how you can help your clients identify and protect against phishing scams, including tax-related schemes that tend to crop up during the tax season.
Dickinson Investment Advisors is taking the following actions to protect your money:
- It is our policy to visit with you personally for instructions. If you email us, someone on our staff will call you first.
- All of our staff is aware of the increasing nature of this risk.
- None of our client’s vital account information is hosted in the “cloud.” Our computer data is 100% physically hosted at our office.
- Our file server that holds the data is separate from Dickinson & Clark CPAs’ data.
- Our file server is locked in a heavy duty file cage that is physically heavy and bolted into the floor.
- We have asked our computer consultant to install multiple firewalls and to increase our systems security to the level required by banks.
- We have a security alarm system.
- We have backups of our data, and in the case of a physical disaster we can reestablish our office in another location within a day. Our strategy to do so is documented in a disaster recovery plan.
- Insurance is carried by Dickinson Investment Advisors and by Schwab to cover losses in the unlikely event that our security plans would fail.
No policy or plans can ever make us completely immune from fraud and phishing attempts. However, by working together, we believe that we can significantly reduce the incidence of these types of crimes, and protect our clients and their assets.
Ron Dickinson, CFP®, CPA, MPA-Tax
Disclosure: These materials have been independently produced by Dickinson Investment Advisors. Dickinson Investment Advisors is independent of, and has no affiliation with, Charles Schwab & Co., Inc. or any of its affiliates (“Schwab”). Schwab is a registered broker-dealer and member SIPC. Schwab has not created, supplied, licensed, or endorsed, or otherwise sanctioned these materials nor has Schwab independently verified any of the information in it. Dickinson Investment Advisors provides you with investment advice, while Schwab maintains custody of your assets in a brokerage account and will effect transactions for your account on our instruction.