Email fraudsters are increasingly targeting the financial services industry, and they are getting better at identifying the right potential victims, according to cybersecurity regulators and experts.

“It’s almost as if many of the fraudsters have worked in financial services in the past,” Gregory Markovich, regulatory principal at Finra’s Chicago District Office, said last week at the SRO’s 2020 Cybersecurity conference in New York City.

“They know how call centers operate, they know how back office processes operate, and they leverage that,” added Markovich, who is also a part of Finra’s cybersecurity specialist team.

TD Ameritrade saw a billion attempts of credential stuffing — where credentials such as user names are used to gain access to accounts — and password reuse attacks in 2019, according to Paul Nickelson, a director at the firm’s Fusion Center. TD Ameritrade didn’t incur losses from those attempts, he said.

The Fusion Center is an operation hub focused on improving detection and prevention of enterprise threats. The hub works on protecting assets and safeguarding customers’ privacy, security and trust, for example.

Even Finra isn’t immune to the attempted cyberattacks and has been at the receiving end of suspicious emails.

There was one such attempt the morning of the conference, said Barry Suskind, Finra’s senior director of information security architecture. The attacker used information presumed to be taken from LinkedIn.

“They see who’s on your payroll staff on LinkedIn, who’s on your development staff, and they’ll send personalized messages: ‘Hi, Bob, I have some programs I’d like you to download, can you get in touch with me?’” Suskind said.

Vigilance at the employee level is the first line of defense against cyberattacks, according to the executives, who identified what advisors, their staff and home office employees should watch out for.

Gift cards

An individual may receive an email from what looks like a senior person in their organization requesting gift cards.

“So, if I see something coming from [Finra president and CEO] Robert Cook, people tend to pay less attention to the email address,” Suskind cited as an example.

Jason Lish, chief security, privacy and data officer at the Advisor Group, said fraudsters are getting better at targeting individuals.

For example, scammers target administrators of executives or branches who have been recently hired and are eager to please a branch manager, Lish said.

“We’ve seen somebody [from a branch] actually go down to BestBuy, buy gift cards, scratch off the back, take pictures of them, and email them [to the scammer],” he said, noting that branch spent thousands of dollars because of the scam.

Phishing attacks

Phishing for information to extract money is a common scam, according to Dale Spoljaric, managing director for compliance at the National Futures Association.

An employee could click on a malicious link and give up their credentials that would allow the fraudster to request wire transfers, for example, he said.

Account takeover

The credentials of a client or a business entity may have been compromised and an advisor could fail to recognize a fraudster.

A fraudster who has gained access to a client’s email could try and initiate a password test by finding a statement from a 401(k) provider, for example, Lish said.

“We’ve seen cases where they’ll initiate from a client to an advisor a wire transfer or they’ll withdraw [money],” he adds.

Allen Eickelberg, vice president and director of operations at Spire Investment Partners, says there is a way for firms to proceed with caution.

“If you’re doing wire transfers for customers in particular, I think it’s a great practice to always make sure that you’re going all the way down the street and confirming from the source,” he said.