VERNESA HARPER: My role is dedicated to keeping you and your firm aware of fraud and cybersecurity threats that you may encounter. Today, I want to bring attention to a common fraud scheme impacting advisors and clients, business email compromise, which is also known as email account compromise. Scammers know that you and your clients rely on email to conduct business, which is the same reason that email is the number one gateway to cybercrime.
This scheme is carried out when a fraudster compromises a legitimate business or personal email account through social engineering or computer intrusion techniques, malware, for example, to request unauthorized transfers of funds.
Once the fraudster has access to the client's email account, they will search to see if the client has a relationship with an advisor. Fraudsters will piggyback on an existing email conversation between the advisor and the real client with a request to send an outgoing transaction to an account that the fraudster controls.
One of the tricks that sophisticated fraudsters use is spoofing the client's email address, which happens when they create a new account that looks very similar to the client's real email address. Then the fraudster sends an email from this new email address to the advisor posing as their client to request an outgoing fraudulent transaction.
We've also seen fraudsters leverage a relationship between a client and some third party. The end goal is to get the advisor to facilitate a fraudulent outgoing transfer from the client's account. Let's look at some red flags to watch out for.
The first red flag is a spoofed email address. As mentioned earlier, the fraudster will create an email address that looks very similar to the client's real email address.
The second red flag is fraudsters will piggyback on existing email communications with the advisor. Look for an abrupt change in the email tone.
The third red flag is creating a sense of urgency. Every email request from a fraudster is supposedly urgent, and fraudsters will try to play on the advisor's emotions to get them to act quickly.
The fourth red flag is inconsistent grammar or spelling errors.
The fifth red flag is attempting to limit communication to email. The fraudster will come up with reasons as to why they're unable to get on the phone with you to verbally verify the request, using the excuse that they only have access to their email.
The sixth red flag, the money movement instructions are sent in an email followed by a new set of instructions that are sent by the fraudster.
And the seventh and last red flag is the transaction is rejected by the receiving bank.
Schwab requires advisors to call clients to verbally verify the details of all money movement instructions, especially email, before sending the instructions to Schwab. Fraudsters succeed in their schemes when an advisor acts on fraudulent money movement instructions without verbally verifying them with their client, resulting in a successful email compromise fraud incident.
The Schwab Security Guarantee doesn't cover fraud loss when the money movement activity is facilitated by the advisor. In these cases, the advisor is liable for the loss in their client's account.
The verbal verification is not just a Schwab requirement, but most insurance companies require it, as well.
Let's talk about how you can protect your firm and your client assets. Assume the email is fraud until you can prove that it's not. Look for spoofed email addresses. Avoid sharing confidential information in an email. Verbally verify all money movement instructions received in an email with your client. Encourage your clients to utilize two-factor authentication, which is an added layer of security for email accounts. And, lastly, utilize the eAuthorization channel, which is the fastest and safest way to move money in your client's account.
If your client becomes the victim of the email account compromise scheme, please contact Schwab immediately and we will reach out to the receiving firm to recall the funds.