Think before you click.
For companies in the financial services sector, it's become almost second nature. After all, many of these companies – think investment banks, retirement funds, hedge funds - are tasked with shuffling the world's money back and forth.
While there are certainly safeguards in place, one wrong click or not properly vetting an email sender before writing back could prove to be a costly lesson, both for an employee, and his employer.
Unfortunately, it’s that constant tug of war that keeps attackers on their toes, too.
The latest scam attackers are carrying out to trick financial services employees, according to the FBI's Criminal Investigative Division and the United States Securities and Exchange Commission, is pretending to be a registered broker or investment adviser. Once belief has been suspended, the fraudsters can trick investors into surrendering more information.
The FBI and the SEC say that scammers are masquerading as members of the SEC, FINRA (the Financial Industry Regulatory Authority) and state securities regulators, oftentimes using the names and photos of legitimate investment professionals. They're going as far as to craft fake social media profiles, fake websites that look strikingly similar to those of registered firms, and cold calling investors in boiler rooms while working to conceal their actual location.
Another way they're getting their foot in the door includes falsifying legitimate documents, like public reports, with real names and Central Registration Depository (CRD) numbers but fake firm names.
The warning, issued by the FBI and the SEC’s Office of Investor Education and Advocacy (OIEA) last week comes on the heels of a similar warning via FINRA.
FINRA also highlighted the rise in imposter websites last week, pointing out that scammers - taking a cue from phishers - are using poor grammar and misspellings to capitalize on unexpecting employees who don't do their due diligence verifying the legitimacy of emails. It also shared a story about a scam that used a fake FINRA BrokerCheck report in an attempt to lure in investors. Like the FBI and the SEC warned, the report used the name and CRD of a real person but used a fake firm, the wrong CRD number, and other fabrications throughout.
"The doctored BrokerCheck report was emailed to potential “clients” using the name and CRD number of a registered investment professional—but with a company that is not registered as a broker-dealer with FINRA," the group wrote. "The solicitation included other documentation and a request for investors to respond with a photo of their driver’s license and other personal information."
While impostor scams are nothing new, it can still be easy from time to time to either let your guard down or overlook certain red flags.
To prevent falling for some of these scams, the FBI, SEC, and FINRA issued guidance for those in the financial services industry.
First and foremost, investors should do their research.
- If someone claiming to offer an investment is legitimate, they'll likely be licensed and registered. The FBI and SEC recommend looking up their name on Investor.gov. Afterwards, contact the seller using contact information you verify independently – for example, by using a phone number or website listed in the firm’s Client Relationship Summary (Form CRS) – rather than relying on contact information the seller provides you.
- Be weary of unsolicited offers, especially those that guarantee high investment returns
- Investors should use FINRA's BrokerCheck before investing; go directly the source and compare any documentation you receive with the official report. Pay attention to typos, fonts, and double check any information that gives you pause.
- When it’s time to pay, don't send money without verifying the recipient first; don't send sensitive or personal information like your driver's license number or even your date of birth.
- As the FBI and SEC point out, most licensed and registered investment firms don't allow customers to use credit cards or cryptocurrencies to invest; if one you're dealing with does, think twice.
