Advisers have received instructions that appear to have been sent from genuine customer email addresses, but in reality have come from fraudsters who have hacked customer email accounts.
The emails will ask for a payment to be made to a new bank account. The new bank details will not always be included at the same time as the payment request but might be in the middle of another email, perhaps in response to an email acknowledging the payment request.
The language used in emails can help to identify a fraudulent instruction, so you should consider the language and style used:
- Is it consistent with that normally used by the customer?
- Fraudsters might clone/split your customer's SIM card or redirect calls to a line used by the fraudsters, so it is important to verify that the person you are talking to is your customer. Always ask security questions that only your customer will know the answers to.
- Would the customer normally ask for the funds to be “wired”?
- Would you expect the customer to use the £ sign or GBP?
- Is it normal for the customer to sign off using a Christian name, middle name and surname?
When you receive an email instruction, take steps to verify that the instruction is genuine:
- Call the customer directly to confirm the instruction. Fraudsters may look to prevent a call by claiming that, for example, the customer is out of the country. In such instances, you should still contact the customer before acting on an email instruction.
- Make the call to the customer using a telephone number that you have used previously to contact them. Do not use a number shown on the email.
- Obtain an original bank statement, paying-in slip or void cheque as evidence of a new bank account and NOT a PDF/photocopy.
- Ensure that you have the necessary authority from all parties before acting on an instruction on joint portfolios.