Although as a firm we have not suffered a fraud attack, we have to be aware that fraudsters spend a lot of time and money looking for weaknesses and are quick to exploit them. It is hard to be one step ahead of them but that is what we try to do.
Recently we have been told about an incident where a client had their e-mail hacked and their advisor’s e-mail was spoofed, with false details for the target account for a large pension premium. The client failed to notice an altered e-mail address and overrode the bank warnings when the account details did not match the account name, sending over £170,000 into the ether.
Typically, these frauds have followed interceptions of e-mails between the client and advisor, the advisor and the provider, or the client and the bank, where the fraudster has impersonated one or more parties and diverted the money to a bank account they control. Once the money is in a “wrong” bank account it is moved on several more times to confuse the trail.
The IT industry has been aware of this methodology for many years; the usual jargon is a “man in the middle” attack or exploit, as it requires a third party to intercept e-mails and either inject false ones purporting to be from someone else or change details on a genuine e-mail. This is not a new idea; you could do much the same with letter post, a kettle and a typewriter back in the day, but vetting of postal employees, tamper-proof envelopes and distinctive stationery make this too “old-school” for modern fraudsters. (http://www.makeuseof.com/tag/man-middle-attack-security-jargon-explained/)
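The incident above turned on an altered e-mail address that the client did not notice. As an added example (not part of the original article), the Python code below flags a From header whose address is a near-miss of a known contact, or whose display name matches a known contact on a different address; the address book, the names and the `.example` domains are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed address book: addresses the client has genuinely dealt with.
KNOWN = {"adviser@advisers.example": "Jane Adviser"}

# Character swaps often used to make a fake address look genuine.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(text):
    """Fold visually confusable characters so look-alikes compare equal."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN, max_edits=2):
    """Classify a From header against the known-contact address book."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "known"
    for good, good_name in known.items():
        # Near-miss of a trusted address: one or two characters altered.
        if skeleton(addr) == skeleton(good) or edit_distance(addr, good) <= max_edits:
            return "lookalike-address"
        # Trusted display name attached to a completely different address.
        if name and name.lower() == good_name.lower():
            return "display-name-mismatch"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed From headers
        "Jane Adviser <adviser@advisers.example>",
        "Jane Adviser <adviser@advlsers.example>",
        "Jane Adviser <jane.adviser@freemail.example>",
    ]
    for header in samples:
        print(f"{check_sender(header):22} {header}")
```

Anything other than "known" on a message that carries payment details is a reason to confirm by telephone before acting.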
As a financial services business, we have decided to protect our clients by using conventional e-mail less and by confirming changes of details, withdrawal requests or money transfers back with clients. If you e-mail us, we will confirm your request by telephone, post or secure messaging before we execute it. It might delay your request by a few minutes, but it could save you thousands. There are no winners in a fraud claim (other than the fraudster, and we do not care about them), so the time taken to check the request or changed details is a wise precaution.
For anyone who uses computers and e-mail for personal affairs, or a home business, as a bare minimum you need:
Complex passwords changed every six months (8 characters or more, a mix of upper and lower case, symbols and numbers).
Different passwords for different systems (don’t have the same password for Facebook as your on-line banking!). Not all websites take the same care of your personal details. Criminals hack an easy target, like an on-line hobby forum, then try that password on the juicier targets.
All programs updated to the most recent versions and all of the security updates added to the operating system.
Anti-virus and anti-malware programs up to date and scans done regularly.
If you do not do all of the above or have no idea what I am talking about, then using your computer for personal financial purposes is probably a risk you should not be taking.
Even if you have done the above, the IT industry would suggest that for high-risk activities like on-line banking, you should go further:
Check for site certificates (SSL errors reported) and only use “https://” websites for any high-risk activities.
Do not use public WiFi unless you are willing to take the precautions above. Free WiFi can be exploited to gain your details, and often the only warnings will be SSL errors and websites not showing up as secured (https:).
Use the best anti-virus and anti-malware software you can find, perhaps paying for the Pro version.
Do not use other people’s USB drives without taking precautions. At the very least, run a virus scan on any you intend to plug in.
Make sure no USB components have been added without your knowledge. Some RAM discs or WiFi modules are very small and barely noticeable.
Now that bank transfers using online banking or mobile apps routinely check the account name against the sort code and account number combination you have provided, a mismatch is a massive red flag! Stop what you are doing and check the details with a reliable source; ring us to confirm the provider’s bank details; do not rely on an e-mail on your computer!
It can be a jungle out there!
Arrange a meeting to find out how independent financial advice can help you.
Please get in touch with us to arrange an introductory meeting, at our cost. At Martin-Redman Partners we have both male and female advisers who can help you make the most of your money – whether by managing your pensions and investments, arranging life cover, or assisting with your financial plan.
To find out more about how we can help, or if you have any questions about your investments, please get in touch by calling us on 01223 792196 or emailing info@martin-redmanpartners.co.uk. We look forward to hearing from you.
About Martin-Redman Partners
We are a team of experienced Independent Financial Advisers (IFAs) who can advise on your personal or business financial arrangements. We have been building trusted relationships with clients for many years by articulating clear and tailored recommendations in areas ranging from investments to pensions and retirement planning, to complex estate planning advice.
We offer expert independent financial advice throughout Cambridgeshire, Leicestershire, Suffolk, East Anglia and the South East. Many of our clients are within, or are in the surrounding areas of Cambridge, Grantham, Stamford, Bury St Edmunds, Frinton on Sea, Ely, Peterborough, Huntingdon, Cambourne, Newmarket, Soham and Oundle.
The information contained is for guidance only and does not constitute financial advice. It is based on our understanding of UK legislation, whether proposed or in force, and market practice at the time of writing. Levels, bases and reliefs from taxation may be subject to change. Accordingly, no responsibility can be assumed by Martin-Redman Partners, its officers or employees, for any loss in connection with the content hereof and any such action or inaction.