Financial Firms Are at Risk for E-Mail Scams Too

Posted by Stephanie Mau

on February 16, 2015

Financial Firms Are Targets of Fraud Too

In this age of cyber attacks and online scams, it seems that no one is truly safe from fraud. Not those looking for love, not small businesses – and not even those poor, defenseless major financial firms.

According to a report released last week by the U.S. Securities and Exchange Commission, most of the broker-dealers and investment advisers that it surveyed had been victims of cyberattacks. (More specifically, 80% of broker-dealers and 74% of advisers had experienced these attacks.)

With such stunning statistics, exactly how much does all this fraud end up costing the average financial firm? According to a report last year from Deloitte, the average firm lost $24 million to cybercrime in 2013 – a shocking 44% increase from 2012.

You’ve Got Mail

So clearly, it’s a problem. While some of this cyber fraud has been committed through high-tech malware infiltration, there has also been a fair amount of basic e-mail fraud too.

In one particular case last year, an accountant at Scoular Co., a commodities-trading firm based in Omaha, received an e-mail in which he was told that he would be helping the company carry out a top-secret deal to purchase a firm in China. Though the e-mail address was unfamiliar, it seemed to be signed off by the CEO of Scoular, so the accountant assumed everything was above board. By the end of the month, the accountant had wired $17 million of the firm’s money to a bank account in China – making some unknown cyber fraudsters $17 million richer.

While this type of incident may seem quite unlikely, these e-mail scams are actually more common than you’d think. In the SEC report, the majority of the fraud cases had to do with e-mail scams. More than 50% of the broker-dealers surveyed had received these e-mail scams, and of these, 25% actually complied and sent the fraudsters thousands of dollars before realizing what had happened.

How Is This Happening?

Well, there may be a couple of different reasons. For one, there seems to be an inconsistent approach to cybersecurity among different firms. While bigger firms have better access to security resources, smaller firms lack the resources and awareness to fend off attacks, whether they be high-tech ones or simple ones.

In addition, firms do not currently have properly specified cybersecurity policies. While the SEC requires that firms have certain cybersecurity policies in place, its own mandates on the matter haven’t exactly been updated – the last mandate that the SEC could point to was passed in 2000.

With fraud running rampant these days, both from internal and external sources, how can you protect your own company? Having a clear and updated written code of ethics in place is a good idea, for starters. And following that up with an independent ethics reporting system would be an even better one.
