Tips for avoiding cyberattacks

Bill Winterberg, April Rudin provide scoop for advisers on how to avoid falling victim to online scamsters

Nov 5, 2013 @ 2:45 pm

By Megan Durisin

Bill Winterberg, the founder of FPPad and consultant to registered investment advisers and technology vendors, lately has noticed an uptick in a few key patterns that hackers are using to fool RIAs.

“When something is attractive and it works, then they all gravitate toward it and exploit is as much as possible until it stops working,” he said.

“Right now, it's still working. The RIA community is still fragmented enough … that there are still firms that fall victim to these attacks,” Mr. Winterberg said.

In an interview, he provided the inside scoop on a few of the most common cybersecurity threats that are taking place in the financial advice industry.

(Don't miss this report on how advisers face new competition from online platforms.)

The fake caller. A hacker will break into a client's e-mail account and send an e-mail to their financial adviser, asking for a withdrawal or wire transfer. Often, the hacker will have looked through the client's past e-mails to frame the communication in a way that seems more legitimate, Mr. Winterberg said. For example, if they see receipts from airlines or hotels, they may refer to a recent trip that the client has taken and claim their passport was stolen, so they need emergency cash for a return ticket home.

Typically, the hacker will ask for a relatively small amount of money, less than $10,000. That is just enough to “fly under the radar,” Mr. Winterberg said. If the scheme works, the hacker may ask for more. “Hackers know they don't have to steal from clients directly,” Mr. Winterberg said. “They can exploit the trust with the adviser and get the adviser to move the money, and then the client is completely clueless.”

How to prevent this: If an adviser receives an e-mail asking for a withdrawal or wire transfer, they should validate that request with the client. One way to do that is by asking the client to do a quick video chat. “Not only are you speaking with your client, but you're actually seeing your client's face,” Mr. Winterberg said. Another way to authenticate the request is by using a previously established code word or password that the client and adviser have agreed upon. This should be something more difficult to crack than a mother's maiden name or the last four digits of a Social Security number, which could be found in an e-mail account, Mr. Winterberg said. He recommends using a phrase that can be prompted with a question such as, “Who was your favorite teacher in elementary school?” Or, “What was the color, make and model of your first car?”

The phishing attempt. Phishing attempts continue to be a common threat for advisers. For example, a hacker will send an adviser an e-card with a message like, “Happy birthday from your client!” When the adviser clicks on it, a message will pop up saying that the adviser needs an updated version of JavaScript to view the message. It's really a hack attack. “Hackers are trying to install sniffing software within the RIA firms so they can start getting passwords to custodian logins, log in as an adviser and start sending out withdrawals,” Mr. Winterberg said.

How to prevent this: Resist the temptation to click on links in e-mails. Many times, the URLs that hackers send will be very close to legitimate ones, with a few characters off, Mr. Winterberg said. Advisers should be vigilant not to install third-party software or respond to prompts about things such as Java Script updates. Instead, they should have their information technology professional provide these services or download updates directly through the Windows or Apple application store, based on what operating system they use.

The “reserve social engineering” threat. A hacker will call an adviser, pretending to be from Microsoft Corp. or another technology company. They will give a line such as, “Your computer has been sending us error files because you've got bad software. Go open this file and follow my steps.” As the call progresses, the hacker will convince the adviser to download bad files, disguising it as software that will solve the error problem. “They're persuading advisers to quote-unquote 'fix' their computer, but it's actually opening up malicious software,” Mr. Winterberg said. “If you're not a computer user, you can be fooled,” he said. “That's what the attackers are counting on.”

How to prevent this: Advisers who download updates regularly through the app store don't need to be concerned about these cold calls, Mr. Winterberg said. Advisers can say that their computers are up to date and politely hang up. It is key to resist the sense of urgency that the hackers are trying to instill in the adviser while on the phone. “They're hoping to make you panic, and when you panic, you're not thinking clearly,” Mr. Winterberg said. “An adviser needs to have a defense mechanism.”

Cyber security isn't an issue that most RIAs like to address, said April Rudin, the chief executive and founder of wealth marketing firm The Rudin Group.

After attending a recent conference on the topic, she said that she was “frightened” by the threat of security breaches and she considers herself more tech-savvy than most RIAs.

But there are plenty of small things that advisers can do to protect themselves against threats in cyberspace.

“It's beholden upon RIAs to really boost their knowledge of the Internet, how it works, what information is on the Internet, what's public information,” Ms. Rudin said. “Cyber security is not an isolated issue.”

Here is some basic advice that Ms. Rudin gives to guard against scams online:

• No matter how difficult it is, have different passwords for everything.

• Don't trust attachments in e-mails that use targeted keywords, such as “2013 tax return.” Phishers will try to use buzzwords such as these to lure advisers into clicking on a malicious document.

• Advisers who send out mass e-mails to their clients should make sure to BCC everyone, instead of CC-ing them. Otherwise, they will have the e-mail address of all the other clients. For firms that specialize in high-net-worth clients, that could include celebrities or others in positions of power.

• Once a month, advisers should Google their own names and that of their firm. It is important to know what information is out there, so that advisers can control their images and reputations.

• Overall, advisers should know how the Internet works and be knowledgeable about e-mail and social media. It is harder to spot a scam for those who aren't familiar with the real thing.


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

Mar 13



InvestmentNews is honoring female financial advisers and industry executives who are distinguished leaders at their firms. These women have advanced the business of providing advice through their passion, creativity, inclusive approach and... Learn more

Featured video


When can advisers expect an SEC fiduciary rule proposal and other regs this year?

Managing editor Christina Nelson and senior reporter Mark Schoeff Jr. discuss regulations of consequence to financial advisers in 2018, and their likely timing.

Recommended Video

Path to growth

Latest news & opinion

Fidelity charging new fee on Vanguard assets held in 401(k) plans

The 0.05% fee is ostensibly a response to Vanguard's distribution model, but may also make the company's funds less attractive due to higher cost.

UBS adviser count continues to decline

Firm to merge U.S., global wealth management units on Feb. 1

TD Ameritrade launches all-night trading for ETFs

Twelve funds now can be traded after-hours, but the list will grow, company says.

Cutting through the red tape of adviser regulation is tricky

Don't expect a simple rollback of rules under the Trump administration in 2018 — instead, regulators are on pace to bolster financial adviser oversight.

Bond investors have more to worry about than a government shutdown

Inflation worries, international rates pushing Treasuries yields higher.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print