Say a hacker sets up the domain for Sschwab.com or TDAmmeritrade.com and emails you requesting you send confidential information or builds a few Web pages that look just like your custodian's site.
While there is no known effort to perpetrate such a fraud by using these or other brokerages, "typosquatting" is a real security threat advisors should be aware of.
Researchers at security think tank Godai Group set up phony domains using small typos. It yielded a treasure trove of personally identifiable infrotmation.
"During a six‐month span, over 120,000 individual emails (or 20GB of data) were collected, which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc," according to the researchers.
A story on PC World highlights the threat and provides more detail.
It lends further evidence to the notion that advisors need to be mindful of social engineering attacks.
Educating clients about how to protect themslves against this growing scourge would be wise.