Steps advisers must take to avoid email cyberattacks

The bottom line is that every email should be viewed with suspicion

Oct 4, 2016 @ 11:00 am

By Sheryl Rowling

Cybercrime is accelerating at an alarming pace, both in terms of numbers and sophistication. One of the most common cyberattacks is through email.

A phishing or scam email typically looks like it is coming from a legitimate source. Cyber criminals can make their email address appear to come from a familiar domain. The email will have one objective in mind — to get you to share private information or money. This can be accomplished by enticing you to simply reply to the email or click on a link — which can infect your computer with a virus. Here are a couple of examples:

(More: The journey from financial advisers to tech entrepreneurs)

1) An email arrives from your IT service saying you need to immediately update your password or your account will be shut down. You just need to click on the link to do so. What should tip you off so you don't fall prey?

• The sender's address might be from a familiar domain, but it is likely not from a familiar address. For example, an email to my firm from could appear legit, but we don't have an address like that in our domain.

• The sender has no name or is from someone who wouldn't typically send an email like this.

• The request is out of the ordinary. A password change notice would typically come straight from your computers when logging in.

• The format of the email is out of the ordinary. Sometimes emails like these will include misspelled words or bad grammar.

• No matter what, you should never be asked to click on a blind link.

(More: What top advisory firms do right when it comes to technology)

2) In my firm, an email was sent by a client requesting a wire transfer. The email had the client's business address and appropriate footer. It also referenced personal information that the client would know. In this case, we called the client for confirmation and discovered it was a scam. What lessons could be learned from this?

• Never transfer money or execute transactions without verbally confirming the identity of the client.

• The request for the wire transfer was to a foreign account. This should automatically ring a warning bell.

• The client's accounts needed to be flagged for possible fraud and the client should consider changing email accounts and passwords.

(More: Why financial advisers need to worry about technology addiction)

The bottom line is that every email should be viewed with suspicion. When in doubt, contact the purported sender by phone — and don't click on the link! Advisers can test their employees on this by sending fake phishing emails. Talking about this issue is important; showing employees in practice is critical.

Sheryl Rowling is head of rebalancing solutions at Morningstar Inc. and principal at Rowling & Associates. She considers herself a non-techie user of technology.


What do you think?

View comments

Recommended next


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print