The regulators are getting a lot of reports that criminals are hijacking investors' email accounts and using them to loot bank and brokerage assets. Tell your clients.
FINRA's new alert on email fraud tells retail investors what to look out for: weird replies to messages they never sent, unauthorized account setting changes, or even just a wave of account hacks among people they know.
By this point, your clients should know never to click directly on a link in an email from someone they don't recognize. Scam artists often hide virus code in these links to tempt the unwary into downloading trouble.
Once these hackers get their software onto a computer, they can then access the email account and send withdrawal orders to any financial institutions they find mentioned in the files.
FINRA advises anyone who thinks their account has been hacked to notify their intermediaries -- banks, brokers, credit card companies, everyone -- and change their account numbers and all passwords immediately.
The regulators also warn financial companies that it's never a good idea to simply accept an email note as a valid order to pull money out of an account.
Email has become ubiquitous and has come a long way in terms of security, but it's still nowhere near foolproof.