A type of email scam has recently become more common. We at Parsec take the safety and security of client accounts very seriously, and wanted to alert our clients to how this particular scam works and how they can help protect themselves against it.
Basically the criminal hacks into a client’s email account and poses as the client. They then use the client’s email address to contact any financial services providers in the client’s address book. For example, we would receive a message (from a client’s actual email address that we have on file) asking to wire money out of their account to a third party. Often there is some urgency to the request, such as a death in the family. The criminal also claims that they are traveling and will be difficult to reach, but that the wire needs to go out right away.
Wires out of client accounts to third parties cannot be processed without a wire authorization form signed by the client. But these criminals will request that a form be faxed or emailed to them, then sign it and fax it back in the hopes that neither Parsec nor the custodian of the account (Schwab, Fidelity, TD Ameritrade, Parsec Trust) will notice the signature does not match that of the client. Authorities have also indicated that in some cases criminals have obtained access to the client’s signature, and provide what appears to be a valid signature on the wire form. Often these requests are for relatively small dollar amounts so as not to invite suspicion.
In order to protect yourself, we ask that you avoid contacting us via email on the rare occasion when a wire transfer to a third party out of your account is needed. If you do need to make such a transaction, please call one of our Client Service Specialists or your advisor. For any request, you can expect a call back to confirm the wire, either from Parsec, the custodian, or perhaps both.
In many instances, individuals are compromised when they inadvertently respond to phishing e-mails from a range of different sources. Be careful about responding to any email that you do not recognize, and take particular care to avoid clicking on any links in such a message.
Bill Hansen, CFA
July 6, 2012