Cybercriminals Assault BrokerDealers; Most BDs Bamboozled by MITB and Phishing Schemes

BrokerDealer.com blog update courtesy of extract below from 3 Feb WSJ story by Matthias Rieker

Cybercriminals Attack BrokerDealersMore than half of U.S. brokerage firms surveyed by regulators said they had been targeted by email scams aimed at tricking them into wiring away client money.

In many cases, brokers fell for the impostors and their firms had to reimburse their clients. Of the brokerage firms that received the fraudulent emails, 26% reported losses of more than $5,000, according to the Securities and Exchange Commission.

The SEC last year sampled 106 firms—57 broker-dealers and 49 registered investment advisers—to assess the industry’s cybersecurity risk.

On Tuesday, the regulator said 88% of the broker-dealers and 74% of RIAs it examined for its report had experienced some form of a cyberattack. The agency didn’t say in what years the attacks occurred.

The wealth-advisory industry has long been struggling with what security experts and advisers say has been an onslaught of fraudulent wire-transfer requests, many resulting from client email accounts being hacked. Fifty-four percent of broker-dealers and 43% of RIAs said they had received fraudulent emails seeking to transfer client money.

  • Fifty-four percent of broker-dealers and 43% of advisers said they had received fraudulent emails seeking to transfer client money.

For example, a former Morgan Stanley Smith Barney adviser—whose client’s email had been hacked—wired a total of $521,500 in four requests over two months last year. Also, a former Wells Fargo adviser failed to confirm two wire transfers for a total of $67,532 over two months in 2012 that turned out to be from an impostor.

The Financial Industry Regulatory Authority, Wall Street’s self-regulator, suspended and fined both advisers last month. Neither admitted or denied the allegations, and their firms fired them, according to Finra. Morgan Stanley and Wells Fargo declined to comment on the cases.

Like most firms, Morgan Stanley and Wells Fargo have strict procedures on how to thwart such scammers, but some advisers haven’t been vigilant enough to ensure the requests are actually from their clients. Of the broker-dealers that reported losses from fraudulent emails, a quarter said the losses were the result of employees not following the firms’ authentication procedures, the SEC said.

SEC chairwoman Mary Jo White says assessing the readiness of market participants and providing investors with information on how to better protect online investments from cyberthreats is an important focus of her agency.

Finra said that last year it brought 37 cases related to the improper transfer of investors’ money to third-party accounts.

“Cybersecurity threats know no boundaries,” SEC Chair Mary Jo White said in statement. “That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”

The SEC also said it found that 58% of broker-dealers but only 21% of RIAs are insured against losses from cyberattacks. One broker-dealer and one adviser reported that they had filed claims, the SEC said.

For the full story from the WSJ, please click here