We are spreading awareness of an email “spear phishing” scam that has targeted investment firms recently, attempting to lure their personnel into inadvertently revealing their email account credentials to criminal fraudsters, and making wire transfers to the criminal’s account instead of the intended account.
There has been a significant uptick in this scam against investment firms. We recommend that firms advise their personnel who are involved with wire transfers to:
-
Examine “reply to” email addresses carefully to verify that the email came from the exact email address of the person who purportedly sent it
-
Beware of emails that appear to be from someone the recipient knows, that link to a log-in page where the recipient is required to enter his or her username and password in order to access something
-
Beware of emails that change wire transfer instructions from what they had been in the past or anything abnormal about the wire transfer authorization process
-
Prior to initiating any wire transfer, confirm instructions by telephone with an authorized representative of the recipient
Firms are also advised to consider the legitimate emails that their personnel receive regularly that request passwords or authorize wire transfers, and to configure their email filters to block mimicked versions of those emails that are not from the email address that they should be from.