Identity Fraud – A Close Call

Last week, the VMIA released a risk alert highlighting two cases of large scale organisational identity fraud (you can view the alert here).  While these cases were at an organisational level, the warning was very timely – we have just had our own close call here at Beach Wealth Advisers.

Just this week I had an incidence whereby an email was received from a client requesting the transfer of funds from an investment portfolio (managed by me) to his bank account.  I engaged in an email dialogue with the client requesting confirmation of when, how much and the practicality of doing so.  For all intents and purposes, I was communicating with the client as the responses were coming from his personal Gmail email account.

After a slightly strange response to my request that the client give me a quick phone call for security purposes, something didn’t seem quite right, so I called the client immediately.  You can imagine how I felt when I discovered I had not been communicating with the client at all – but rather someone who had hacked his Gmail email account.

My client was not aware his email account had been hacked.  What is even scarier it that it was evident that the hacker had taken the time to go through the email history of the account, peruse old emails, obtain my details as this individual’s financial adviser and even type emails to me using similar language, greetings and sign-offs.  Frightening!  As you can imagine, there was a moment of panic!!

Fortunately, in this instance, we were able to nip it in the bud and no personal information was exchanged nor were any funds transferred.

As a result, we have now officially adopted the position in the office that any instructions received via email will need to be supported by a verbal confirmation from our clients.  This policy will be strictly enforced, regardless of where our clients are in the world at the time of the request.

I felt this was an experience worth sharing as a reminder for financial advisers and their clients (well, anyone for that matter!) to always be very aware and cautious when communicating via email.