At the moment there is a lot of discussion in the financial services profession to encourage the government to extend the ban on cold-calling, to try to avoid the scams that fraudsters are pushing. I think this is a good step as we are keen to ensure clients are protected against the scams and cyber-attacks that threaten their finances.
The problem, of course, is that the bad guys will not abide by the rules and will carry on trying to catch out the vulnerable.
Education is key to keeping yourself protected. As a Chartered Financial Planner and Accredited Financial Planning firm, we feel we have a duty to share tips and advice about safe interactions online and the importance of validating anyone who comes along with an “unmissable” offer.
However, it is not just about the clients. All Financial Service firms need to be especially vigilant, with robust procedures in place to make sure we do not fall prey to cyber-criminals either and put their clients in jeopardy as a result.
One of the biggest threats clients face is the possibility of hacked email accounts. People carry out much of their correspondence via email these days and it is normal to receive a request to move money around or to put together financial information. But hackers are an intelligent bunch. A quick review of email exchanges could well reveal the existence of certain investments and potentially give the hacker access to the amounts involved.
The hackers are convincing: they write in good English and can mimic the tone of earlier exchanges, such as the way the client signs off.
Knowing our clients well is fundamental to protecting them from malicious attacks of this sort. If something is unexpected and out of character, alarm bells will ring. But that only goes so far. If the request has a ring of normality about it, it may not be easy to spot as a fraud. So clients and their financial advisers need to be vigilant.
Many of the clients that email us regularly are on first name terms with the team. The relaxed, friendly relationship with the client is something we encourage and promote but it creates its own risks. The informality can lead to a false sense of security. Would you question a message that asks after your family or mentions your holiday before throwing in a request for a withdrawal? So how can we protect our clients from this happening? Quite simply, by having the very strictest of procedures to control how we operate and by instilling into our staff the importance of adherence to these controls at all times.
We have put together some straightforward rules about how we respond to clients’ emailed or written requests for changes to their portfolio. These rules are designed to keep our clients protected and they have been grateful for the steps we are taking to keep them safe.
For clients, we recommend they keep their log in details safe and secure. Don’t keep them all written in a book you carry everywhere, as if it is stolen, you’ve as good as given them the keys to your house. Use multiple passwords too.
One of the biggest dangers is opening infected documents and clicking on malicious links. We encourage our clients to call us if they get a suspicious email (don’t forward it, as you can spread the virus) so we can help to authenticate it or not. Its better to be safe than sorry.
Make sure your financial affairs stay safe by being vigilant.