View more on these topics

Carl Lamb: Advisers must not fall prey to scammers

Advice firms must be extra vigilant not to fall prey to cyber-criminals and put clients at jeopardy

There has been much discussion about whether or not the cold-calling ban is worthwhile. My view is that it is a positive step in the right direction, but we have a long way to go to ensure clients are protected against the scams and cyber attacks that threaten their finances.

The problem, of course, is that the bad guys will not abide by the rules and will carry on trying to catch out the vulnerable.

Education is key to keeping clients protected. Every firm has a duty to share tips and advice about safe interactions online and the importance of validating anyone who comes along with an “unmissable” offer.

However, it is not just about the clients. Advice firms need to be especially vigilant, with robust procedures in place to make sure we do not fall prey to cyber-criminals either and put our clients in jeopardy as a result.

One of the biggest threats clients face is the possibility of hacked email accounts. We carry out much of our correspondence via email these days and it is normal to receive a request to move money around or to put together financial information. But hackers are an intelligent bunch. A quick review of email exchanges could well reveal the existence of certain investments and potentially give the hacker access to the amounts involved.

The hackers are convincing:  they write in good English and can mimic the tone of earlier exchanges, such as the way the client signs off.

Knowing the client well is fundamental to protecting them from malicious attacks of this sort. If something is unexpected and out of character, alarm bells will ring. But that only goes so far. If the request has a ring of normality about it, it may not be easy to spot as a fraud.

Many of the clients that email us regularly are on first name terms with their adviser team. The relaxed, friendly relationship with the client is something we encourage and promote but it creates its own risks. The informality can lead to a false sense of security. Would you question a message that asks after your family or mentions your holiday before throwing in a request for a withdrawal?

So how can we protect ourselves and our clients from this happening? Quite simply, by having the very strictest of procedures to control how we operate and by instilling into our staff the importance of adherence to these controls at all times.

We have put together some straightforward rules about how we respond to clients’ emailed or written requests for changes to their portfolio. We always require original signed documents for withdrawals and will never take action with clients’ investments without confirming their identity, including speaking with them using a phone number we already hold on file, where there is any doubt.

We use passwords, agreed verbally with the client, to secure sensitive documents such as valuations. Where possible, we encourage clients to use our online client portal to view documents and communicate with us. Even with that, we will take additional steps to validate identity when transfers of money are involved.

We cannot afford to take anything for granted. It is our responsibility and we cannot shirk it.

Carl Lamb is managing director of Almary Green

Recommended

Old Mutual boss suggests industry buyers among OMGI bidders

Old Mutual is aiming for at least £500m from the sale of OMGI Old Mutual’s chief executive Bruce Hemphill has suggested industry buyers may be in the mix of bidders for OMGI. Old Mutual has reportedly approached the US firm that invested in Gartmore to facilitate a buyout of the single strategy division of the asset manager, […]

Bellamy-David-2012-700x450.jpg
49

SJP under fire again over charges and exit fees

Clients of St James’s Place have attacked the firm over what they say is an opaque charging structure and punitive levels of exit fees. The Sunday Times was asked to examine what retired solicitor Arnold Rosen had been charged by SJP between 2009 and 2015 after Rosen could not work out the level of charges […]

TPR intervenes in 281 suspected scams since 2012

The year with the most interventions for suspected scams was 2013/14 when TPR used its powers 87 times  The Pensions Regulator has used its enforcement powers in 281 cases of suspected scams since 2012, according to data published on its website. The Freedom of Information Act request shows TPR has used its powers in 16 […]

Newsletter

News and expert analysis straight to your inbox

Sign up

Comments

There is one comment at the moment, we would love to hear your opinion too.

  1. Don’t make a withdrawal on email alone especially a large amount. Hacking email accounts is easy and you should always try and ring the client or verify the message before just blindly going ahead. Think of email as a postcard written in pencil.

Leave a comment