Emerging Fraud Trend: Hostile Email Account Takeover
(Note: This excellent article about online fraud was provided by Charles Schwab & Co., Inc. Please remember that as an Aequus client you have the ability to send, receive, and store documents securely in the Document Vault of the Aequus website. If you have not yet requested or received an Aequus email password to add an extra level of security to your email messaging, contact the Aequus Team.)
Do you know who is on the other end of that email address? It might not be as apparent as you think. Learn how to identify possible fraudulent requests. Many who have fallen victim to identity theft assumed it could never happen to them. But fraudsters have an arsenal of methods to help get their victims’ personal information. Their goal is to make a profit off of vulnerable consumers.
One area of fraud where there has been a significant increase is email hacking. In this type of fraud, an unauthorized person uses malware—such as a keystroke-logging or “keylogging” program—to take control of a victim’s email account, often by secretly stealing their email login credentials. The fraudster then monitors the email account and identifies the financial institution(s) with which the victim does business.
In some cases, fraudsters then contact victims by email disguised as their financial institution. They ask for help facilitating a financial transaction to a destination that appears to be legitimate, but is in fact fraudulent. Fraudsters find email-related schemes appealing and effective because email is a common form of communication and provides a layer of anonymity, making it easier to leverage the trust of the business/client relationship.
Listed below are suspicious signs to be aware of when communicating via email online, especially when the discussion involves the movement of money and securities, and best practices to help maintain your financial security.
SUSPICIOUS SIGNS
Originating email address is not the true email of the business.
Example: A lowercase “L” and a capital “I” can sometimes be indistinguishable.
Originating email address changes during the course of emails.
Example: A fraudster might hack a person’s email address, inform the person that his or her email has been hacked, and ask them to use a new email address that the fraudster provides.
Originator makes an urgent request to send a wire to a third party.
Example: Fraudster requests a wire be sent in U.S. dollars to a bank in Hong Kong because of a death in the family.
Originator states he or she is unavailable by phone.
Example: The purported emailer states that he or she is out of the country, about to board an airplane, at the hospital, attending a funeral, and so on.
Time zone stamp on the email does not match the account holder’s geographic location.
Example: Emailer lives on the East Coast, but the email time stamp does not correspond.
Signature on email letter of authorization (LOA) appears faded, photocopied, or traced.
Example: Signature or signature page looks different from the rest of the wire request.
Emailer requests that you divulge account numbers or other personal information which the company should already know or have in its files.
Example: The purported bank, broker or financial institution requests unrelated personal information or account numbers before it will provide services on your behalf.
An email requesting account balance or password information from a financial institution you do (or previously did) business with.
Example: The fraudster may contact you asking for account information or for you to re-enter your password to regain access to your account. Contact the institution directly by phone to confirm such requests.
Consecutive requests are sent to the same destination in a short period of time.
Example: The fraudster sends repeated requests for financial information in rapid succession. In addition, be sure the email’s “From” address is correct and sent from a company you know and trust.
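The first two signs above (a lookalike originating address, and an address that changes partway through a conversation) can be checked mechanically. The Python sketch below is an added example, not part of the original article: it compares each message's "From" header against the addresses already on file and flags visually confusable lookalikes and unfamiliar addresses. The sample addresses and the small confusable-character table are constructed for illustration and are not a complete list.

```python
from email.utils import parseaddr

# Characters that look alike in many fonts, folded to one representative.
# Assumption for this example: a deliberately small table, not a full confusables list.
_FOLD = str.maketrans({"l": "1", "I": "1", "|": "1", "O": "0", "o": "0"})


def skeleton(addr):
    """Collapse confusable characters so visual lookalikes compare equal."""
    # Fold before lowercasing: a capital "I" only stands out while case is intact.
    folded = addr.strip().translate(_FOLD).lower()
    return folded.replace("rn", "m")  # "rn" can be mistaken for "m"


def classify_sender(from_header, known):
    """Return 'known', 'lookalike', 'unknown' or 'unparseable' for a From header."""
    addr = parseaddr(from_header)[1]
    if not addr:
        return "unparseable"
    if addr.lower() in {k.lower() for k in known}:
        return "known"
    if skeleton(addr) in {skeleton(k) for k in known}:
        return "lookalike"  # reads like an address on file, but is a different one
    return "unknown"


def review_thread(from_headers, known):
    """List (position, address, verdict) for each message not sent from a known address."""
    findings = []
    for i, header in enumerate(from_headers):
        verdict = classify_sender(header, known)
        if verdict != "known":
            findings.append((i, parseaddr(header)[1], verdict))
    return findings


# Constructed sample data: one address on file and a three-message thread.
KNOWN = {"jane.miller@example.com"}
THREAD = [
    "Jane Miller <jane.miller@example.com>",      # genuine
    "Jane Miller <jane.miIIer@example.com>",      # capital "I" in place of "l"
    "Jane Miller <jane.miller.new@example.net>",  # "please use my new address"
]

if __name__ == "__main__":
    for position, address, verdict in review_thread(THREAD, KNOWN):
        print(f"message {position}: {address} -> {verdict}")
```

Any "lookalike" or "unknown" result is a prompt to confirm the request by phone using contact details already on file, not proof of fraud by itself.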
BEST PRACTICES
Best practices for you:
* Always confirm final details or instructions directly with your bank using the contact information you have on file, not the “click-on link” provided in a suspicious email.
* Do not use unsecured email to confirm money transfers.
* Make sure a wire financial request is in keeping with past or usual norms. If you are sending funds to a new destination, ask additional questions.
* Pay attention to spelling and grammatical errors, as well as the tone of email communications. Does it sound like your contact?
* Pay attention to the suspicious signs whenever you are asked to rush an online request. Fraudsters will sometimes use a frightening or disturbing event to establish an emotional attachment and then ask that a request be expedited.
* Typically, email is not a secure channel. Do not use it to send or receive information that you would not want to make publicly available.
* When in doubt, bring up your concerns about fraud or have Aequus intercede on your behalf.
* Make sure you update your computer’s operating system frequently.
* Activate your computer’s firewall protection.
* Install anti-virus software.
* Install anti-spyware software.
* Do not open attachments from unknown or unreliable sources.