Phishing, the fraudulent practice of sending emails from supposedly reputable companies in order to get individuals to reveal personal information, is still the biggest cybersecurity threat financial advisers and their clients face in 2018, according to a panel at the
Financial Services Institute annual meeting in Dallas on Tuesday.
"Let's be honest, phishing by far is the biggest threat in our adviser world," said Annie Groleau, compliance officer for cybersecurity at Securian Financial Services Inc.
Last July, the Financial Industry Regulatory Authority Inc. issued an investor warning for people looking for jobs that individuals claiming to be involved in the hiring process for legitimate organizations — including Finra — have turned to Skype and other online video call platforms as a way to phish for personal information and money.
According to Finra, scammers also may use fraudulent emails or copycat websites to get unsuspecting consumers to provide valuable personal information, and then use it to steal their money or identity.
"Phishing tends to be number one out there and I still think it's going to be number one," said David Kelley, surveillance director in the Kansas City office of Finra. "You may think that's a minor thing, but it's so easy for the bad guys to find something to initiate a phishing attack."
(More: Firms begin to heed cybersecurity, but have much to do)
Of course, broker-dealers and financial advisers face numerous other cybersecurity threats, according to the panelists.
Those include older clients turning over passwords to electronic accounts to their brokers as well as the overall cybersecurity of smaller registered investment advisers (those with $100 million or less in client assets), according to Joseph Borg, director of the Alabama Securities Commission and president of the North American Securities Administrators Association.
The states regulate small RIAs, while the Securities and Exchange Commission oversees the larger firms.
"A lot of the clients, particularly seniors, are now turning over their passwords to the rep," Mr. Borg said. "A trade gets entered or money gets moved. It looks like a customer issue."
Such actions are intended to be a service to the customer because they don't want to deal with their computer, Mr. Borg said.
"I know the states in general are looking at the issue to determine what kind of practice this is, and we are starting to see the numbers increasing," he said. "I'm starting to see some real big problems with it."
Meanwhile, state regulators also are focused on investment advisers and their overall cybersecurity, Mr. Borg said.
"We are concerned with how they interact with social media to deal with customers," he said. "The states, through the [NASAA], have issued an investment adviser
cybersecurity checklist about this."
