All firms run the risk of being used by criminals for fraudulent activity, so it is vital to remain vigilant. Fraudulent emails are becoming more sophisticated and we recently became aware of a new scam targeted at financial intermediaries.
- The scam revolves around your client’s email account, which has been hacked.
- You receive a request from the hacked account asking for funds to be sent to your client’s genuine bank account.
- The hacker, posing as your firm, emails your client to explain that funds have been sent by you to their bank account in error. This email asks your client to return these funds to your firm.
- The bank account quoted for the return of funds belongs to the hacker. Your client has effectively sent their own money to the hacker.
Relying on only one source, such as an email, puts your firm at risk. If your client requests a fundamental change such as a withdrawal or a change of address, name or bank account, you should consider undertaking further verification. In these situations we recommend you consider seeking secondary verification of the request, for example by making a telephone call to the client using a number you hold in your records or confirming the request separately in writing to a known address.
Should your firm or one of your clients become subject to this type of fraud, you may ultimately need to address client concerns about your internal processes, as well as make the necessary reports to Action Fraud or the National Crime Agency.
Jon Roberts is compliance policy consultant at Threesixty