Tips for avoiding cyberattacks

Bill Winterberg, April Rudin provide scoop for advisers on how to avoid falling victim to online scamsters

Nov 5, 2013 @ 2:45 pm

By Megan Durisin

Bill Winterberg, the founder of FPPad and consultant to registered investment advisers and technology vendors, lately has noticed an uptick in a few key patterns that hackers are using to fool RIAs.

“When something is attractive and it works, then they all gravitate toward it and exploit it as much as possible until it stops working,” he said.

“Right now, it's still working. The RIA community is still fragmented enough … that there are still firms that fall victim to these attacks,” Mr. Winterberg said.

In an interview, he provided the inside scoop on a few of the most common cybersecurity threats facing the financial advice industry.


The fake caller. A hacker will break into a client's e-mail account and send an e-mail to their financial adviser, asking for a withdrawal or wire transfer. Often, the hacker will have looked through the client's past e-mails to frame the communication in a way that seems more legitimate, Mr. Winterberg said. For example, if they see receipts from airlines or hotels, they may refer to a recent trip that the client has taken and claim their passport was stolen, so they need emergency cash for a return ticket home.

Typically, the hacker will ask for a relatively small amount of money, less than $10,000. That is just enough to “fly under the radar,” Mr. Winterberg said. If the scheme works, the hacker may ask for more. “Hackers know they don't have to steal from clients directly,” Mr. Winterberg said. “They can exploit the trust with the adviser and get the adviser to move the money, and then the client is completely clueless.”

How to prevent this: If an adviser receives an e-mail asking for a withdrawal or wire transfer, they should validate that request with the client. One way to do that is by asking the client to do a quick video chat. “Not only are you speaking with your client, but you're actually seeing your client's face,” Mr. Winterberg said. Another way to authenticate the request is by using a previously established code word or password that the client and adviser have agreed upon. This should be something more difficult to crack than a mother's maiden name or the last four digits of a Social Security number, which could be found in an e-mail account, Mr. Winterberg said. He recommends using a phrase that can be prompted with a question such as, “Who was your favorite teacher in elementary school?” Or, “What was the color, make and model of your first car?”
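The code-word check above has two parts a firm can enforce in software: the phrase must be verified over a channel other than the one the request arrived on, and the phrase itself should not sit in plaintext in the CRM where a compromised mailbox or workstation would expose it. The following is an added example, not code from the article or from FPPad, showing one way to do both; the client record format, the PBKDF2 parameters and the channel names are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed key-stretching parameters; pbkdf2_hmac is in every CPython build.
_ITERATIONS = 200_000


def _normalize(phrase: str) -> str:
    """Make the comparison tolerant of case, punctuation, spacing and accents,
    so a client saying "Mrs. Álvarez" on a video call still matches what was
    enrolled as "mrs alvarez"."""
    ascii_text = unicodedata.normalize("NFKD", phrase).encode("ascii", "ignore").decode()
    kept = "".join(ch for ch in ascii_text.lower() if ch.isalnum() or ch.isspace())
    return " ".join(kept.split())


def enroll_code_phrase(phrase: str) -> dict:
    """Store only a salted, stretched digest of the phrase (assumed record layout)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(phrase).encode(), salt, _ITERATIONS)
    return {"salt": salt.hex(), "digest": digest.hex()}


def verify_code_phrase(record: dict, attempt: str) -> bool:
    """Constant-time comparison so timing does not leak how much of the phrase matched."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(attempt).encode(), salt, _ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def approve_transfer(request_channel: str, verification_channel: str,
                     record: dict, attempt: str) -> bool:
    """Approve a withdrawal only if the code phrase was confirmed out of band.

    A reply through the same mailbox that sent the request proves nothing,
    because that mailbox is exactly what the attacker controls.
    """
    if verification_channel == request_channel:
        return False
    return verify_code_phrase(record, attempt)


if __name__ == "__main__":
    # Constructed client record and requests.
    client = enroll_code_phrase("Mrs. Álvarez, 3rd grade")
    print(approve_transfer("email", "email", client, "mrs alvarez 3rd grade"))  # False
    print(approve_transfer("email", "video", client, "mrs alvarez 3rd grade"))  # True
```

The normalization deliberately discards accents and punctuation so the phrase can be spoken aloud; it does not lower the security of the check, because the attacker still has to know the phrase, which never appeared in the client's e-mail.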

The phishing attempt. Phishing attempts continue to be a common threat for advisers. For example, a hacker will send an adviser an e-card with a message like, “Happy birthday from your client!” When the adviser clicks on it, a message will pop up saying that the adviser needs an updated version of JavaScript to view the card. That prompt is the attack: accepting it installs malware. “Hackers are trying to install sniffing software within the RIA firms so they can start getting passwords to custodian logins, log in as an adviser and start sending out withdrawals,” Mr. Winterberg said.

How to prevent this: Resist the temptation to click on links in e-mails. Many times, the URLs that hackers send will be very close to legitimate ones, with a few characters off, Mr. Winterberg said. Advisers should be vigilant not to install third-party software or respond to prompts about things such as JavaScript updates. Instead, they should have their information technology professional provide these services, or download updates directly through the Windows or Apple application store, depending on which operating system they use.
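"A few characters off" is something a mail filter or a help-desk script can check mechanically. The following is an added example, not code from the article or from FPPad: it compares the host of a URL against a constructed allow-list of the firm's real domains, collapsing the substitutions phishers rely on (digit 0 for o, rn for m, accented or Cyrillic letters) and flagging hosts within a small edit distance or hosts that embed a trusted name inside someone else's domain. The allow-list, the confusable table and the two-label notion of a registered domain are assumptions; a production version would use the public suffix list.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of domains the firm actually uses (assumption).
TRUSTED_DOMAINS = {"example-custodian.com", "example-advisor.com"}

# Substitutions seen in look-alike hostnames; applied to both sides so that
# "examp1e" and "exarnple" compare equal to "example". Deliberately small.
_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"), ("i", "l"))


def _skeleton(label: str) -> str:
    """Strip accents and non-ASCII look-alikes, then fold confusable pairs."""
    text = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for old, new in _CONFUSABLES:
        text = text.replace(old, new)
    return text


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; hostnames are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _registered_domain(host: str) -> str:
    """Naive 'last two labels' registrable domain (assumption: no co.uk-style suffixes)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    host = (urlsplit(url).hostname or "").lower()
    registered = _registered_domain(host)
    if registered in trusted:
        return "trusted"
    for real in trusted:
        # Trusted name used as a subdomain or prefix of an attacker's domain,
        # e.g. example-custodian.com.evil.net or example-custodian.com-login.net
        if real in host:
            return "lookalike"
        if _edit_distance(_skeleton(registered), _skeleton(real)) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links as they might appear in a phishing e-mail.
    for link in ("https://login.example-custodian.com/",
                 "https://examp1e-custodian.com/reset",
                 "https://example-custodian.com.evil.net/",
                 "https://www.python.org/"):
        print(f"{classify_url(link):9}  {link}")
```

Anything that comes back "lookalike" deserves the same treatment as "unknown": open the custodian's site from a bookmark, never from the link.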

The “reverse social engineering” threat. A hacker will call an adviser, pretending to be from Microsoft Corp. or another technology company. They will give a line such as, “Your computer has been sending us error files because you've got bad software. Go open this file and follow my steps.” As the call progresses, the hacker will convince the adviser to download malicious files disguised as software that will solve the error problem. “They're persuading advisers to quote-unquote 'fix' their computer, but it's actually opening up malicious software,” Mr. Winterberg said. “If you're not a computer user, you can be fooled,” he said. “That's what the attackers are counting on.”

How to prevent this: Advisers who download updates regularly through the app store don't need to be concerned about these cold calls, Mr. Winterberg said. Advisers can say that their computers are up to date and politely hang up. It is key to resist the sense of urgency that the hackers are trying to instill in the adviser while on the phone. “They're hoping to make you panic, and when you panic, you're not thinking clearly,” Mr. Winterberg said. “An adviser needs to have a defense mechanism.”

Cyber security isn't an issue that most RIAs like to address, said April Rudin, the chief executive and founder of wealth marketing firm The Rudin Group.

After attending a recent conference on the topic, she said that she was “frightened” by the threat of security breaches and she considers herself more tech-savvy than most RIAs.

But there are plenty of small things that advisers can do to protect themselves against threats in cyberspace.

“It's beholden upon RIAs to really boost their knowledge of the Internet, how it works, what information is on the Internet, what's public information,” Ms. Rudin said. “Cyber security is not an isolated issue.”

Here is some basic advice that Ms. Rudin gives to guard against scams online:

• No matter how difficult it is, have different passwords for everything.

• Don't trust attachments in e-mails that use targeted keywords, such as “2013 tax return.” Phishers will try to use buzzwords such as these to lure advisers into clicking on a malicious document.

• Advisers who send out mass e-mails to their clients should make sure to BCC everyone, instead of CC-ing them. Otherwise, every recipient sees the e-mail addresses of all the other clients. For firms that specialize in high-net-worth clients, that could include celebrities or others in positions of power.

• Once a month, advisers should Google their own names and that of their firm. It is important to know what information is out there, so that advisers can control their images and reputations.

• Overall, advisers should know how the Internet works and be knowledgeable about e-mail and social media. It is harder to spot a scam for those who aren't familiar with the real thing.
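The BCC point above is easy to get wrong in a script that sends client mailings, because the obvious way to build the message is to put every address in To: or Cc:. The following is an added example, not code from the article or from The Rudin Group, of building the mailing so client addresses travel only in the SMTP envelope, alongside an audit function that reports any client address leaking into a header. The sender address, the sample client list and the body text are constructed.

```python
from email.message import EmailMessage
from typing import Iterable, List, Tuple


def build_client_mailing(sender: str, subject: str, body: str,
                         recipients: Iterable[str]) -> Tuple[EmailMessage, List[str]]:
    """Build a mass mailing in which no client can see another client's address.

    Returns (message, envelope_recipients). Client addresses go only into the
    envelope list, which is what smtplib.SMTP.send_message(msg, to_addrs=...)
    hands to the server; the message headers every client receives name only
    the firm itself. No Bcc: header is set, so the serialized message carries
    no recipient list at all.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender              # the visible To: is the firm's own address
    msg["Subject"] = subject
    msg.set_content(body)
    envelope = sorted({addr.strip().lower() for addr in recipients if addr.strip()})
    return msg, envelope


def build_client_mailing_cc(sender: str, subject: str, body: str,
                            recipients: Iterable[str]) -> Tuple[EmailMessage, List[str]]:
    """The mistake: every client address in a header that every client receives."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Cc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, sorted({addr.strip().lower() for addr in recipients})


def leaked_addresses(msg: EmailMessage, recipients: Iterable[str]) -> List[str]:
    """Audit before sending: which client addresses appear in any outgoing header?"""
    headers = "\n".join(f"{name}: {value}" for name, value in msg.items()).lower()
    return [addr for addr in recipients if addr.strip().lower() in headers]


if __name__ == "__main__":
    # Constructed sample client list.
    clients = ["alice@example.net", "famous.person@example.org", "bob@example.com"]
    good, env = build_client_mailing("news@example-advisor.com", "Q3 letter", "Dear client ...", clients)
    bad, _ = build_client_mailing_cc("news@example-advisor.com", "Q3 letter", "Dear client ...", clients)
    print("safe mailing leaks:", leaked_addresses(good, clients))   # []
    print("cc mailing leaks:  ", leaked_addresses(bad, clients))    # all three
    # To send: smtplib.SMTP(host).send_message(good, to_addrs=env)
```

Running the audit over every outgoing bulk message, rather than trusting the mail client's BCC field, catches the case where someone later edits the script and moves the list back into To:.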
