FINRA Issues Investor Alert Regarding Compromised Email Accounts

The Financial Industry Regulatory Authority (“FINRA”) issued an alert to investors warning them that a compromised email account can not only lead to identify theft, but also to the theft of their money.

FINRA’s investor alert was issued in response to a growing number of reports of investor monies being stolen by individuals, who first gained access to the investor’s email account, and then emailed instructions to the investor’s financial institution directing it to transfer funds outside of the account.

According to a joint fraud alert recently issued by the Federal Bureau of Investigation, Financial Services Information Sharing and Analysis Center, and Internet Crime Complaint Center, these types of crimes follow a typical pattern. After gaining access to an investor’s email account, the fraudster searches the contact lists and emails looking for information about the investor’s broker or brokerage firm. The fraudster then uses the investor’s email account to send an email to the investor’s broker or brokerage firm with instructions to wire funds to a third-party account, often overseas. The instructions may be accompanied by a fraudulent letter of authorization, also sent from the investor’s email account.

FINRA cautions that fraudsters can be quite persuasive in stressing the urgency of the requested transfer, pressuring brokerage firms to transfer the funds without verifying the authenticity of the instructions. Oftentimes, the fraudster fabricates tales of woe involving a death in the family, or some grave illness which prevents the investor from contacting the firm by telephone.

To prevent this from happening, investors should immediately notify their brokerage firm and other financial institutions if they believe someone has gained unauthorized access to their email account. Investors should also check their financial accounts for unauthorized transactions and ask the firm to investigate any that are discovered. Investors should also change their username, password and PIN for all financial accounts and change their email account password.