Cyber-crooks fool financial advisers to steal from clients

August 30, 2012 by Byron Acohido

In a new twist, cyber-robbers are using ginned-up e-mail messages in attempts to con financial advisers into wiring cash out of their clients' online investment accounts.

If the adviser falls for it, a wire transfer gets legitimately executed, and cash flows into a bank account controlled by the thieves - leaving the victim in a dispute with the financial adviser over getting made whole.

Anecdotal evidence of this ruse - directed at financial planners, estate lawyers and other advisers who rely on e-mail and online banking to work with clients - has just begun to surface, say tech security and online banking experts.

"It's the Willie Sutton principle at work," said Adam Dolby, an independent banking security consultant. "Robbers go where the money is."

IDentity Theft 911, a theft-recovery service, is working on a case where a faked email led to a $35,000 transfer into a thief's account.

"That victim may be looking at a complete loss," investigator Mark Fullbright said.

In another recent caper, a veteran financial planner was fooled by a Gmail message appearing to arrive from an insurance company executive, said Adam Levin, IDentity Theft 911's chairman. The email carried instructions to wire $15,850 into an account at PNC Bank, worded in a casual style similar to past emails the had received from the executive, Levin said.

Luckily, the financial planner phoned his client to clarify which account to pull the money from. "They determined it was a fraudulent email," Levin said.

Cybercriminals have discovered that investors now routinely rely on to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.

Taking over or impersonating someone's likewise isn't hard to do. "It's low-tech," said John Zurawski, a vice president at Authentify, supplier of single-use PIN codes delivered by cellphone text messages. "Instead of managing layers of malicious software, all the bad guys need is e-mail and phone skills."

This new scam is the latest strain of a long-running crime wave that preys mainly on small and midsize organizations. The banking industry has steadily been making it tougher for hackers to use computer infections to carry out wire transfer fraud against small organizations, said Jon Callas, chief technology officer at authentication firm Entrust.

"The shift to personal advisers and individual wire transfers is an indication that the well is running dry for them with small businesses and small government," he said.

Explore further: Caller ID spoofing scams aim for bank accounts

Related Stories

Businesses fall prey to cyberthieves' cunning

April 4, 2011

Among the growing ranks of consumers, business owners and others being lured by the convenience of online banking are legions of cybercrooks who have found the technology a convenient way to steal from unsuspecting victims.

Recommended for you

Engineers use replica to pinpoint California dam repairs

June 26, 2017

Inside a cavernous northern Utah warehouse, hydraulic engineers send water rushing down a replica of a section of a dam built out of wood, concrete and steel—trying to pinpoint what repairs will work best at the tallest ...


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Aug 30, 2012
The investment types resent cyber crooks stealing from the clients they are stealing from, do I have this right?
not rated yet Aug 30, 2012
The banksters print money out of nothing. They have no consideration. That is illegal. But anything goes in warmongering USA. The nothing comes from the assets they steal. Failing that the USA trashes the nation and creates famines, as in Somalia and Libya.

Then the fascist thieves wonder why the dispossessed want some of their stolen resources wired back home. Americans don't care so long as the money keeps rolling in. Keep Bradly and Wikileaks on the run!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.