A recent attempt to fraudulently extract funds from an adviser’s client account has shown the advanced means hackers use to fool institutions, adviser Philip J Milton has warned.
The North Devon-based firm had received an email purporting to be from a client. It claimed that the client was ill and requested a withdrawal of funds from their managed investment to pay an invoice.
Mr Milton said: “At first glance, the invoice appeared to be genuine, chatty and in the style the client would use. The email was not in an unusual format from ones we had received previously from the client and there was no initial reason to suspect this was fraudulent.”
The hackers, he said, had accessed email history to try to fabricate a message which appeared to be similar to the clients’ writing style.
Following further investigation, Mr Milton said that the company’s address on the invoice was in Bridgwater but the area code for the telephone was in Lincolnshire. The VAT number was also not recognised by HMRC.
The hacker then contacted the office more frequently using the clients email, querying if it had started to sell the investments to make the cash available, and pressed for urgent action.
Mr Milton said that no sales of investments were made as a result of the attempt, and that the close relationship the company enjoyed with its clients helped with this.
“We ensure that all withdrawal requests are made in writing and following our protocols and identification assurances to ensure that things like this do not happen,” he said.
He added: “We would advise all to be aware of the latest attempts for hackers to gain control of your finances. However, less astute firms may easily have been duped into acting on a message they believed was genuine and put the withdrawal processes into operation, even if to appear to be efficient in meeting the clients’ needs.”