Understanding Cybercrime on Wall Street

Cybercrime on Wall Street: Not surprisingly, the financial services industry in general, and Wall Street in particular, are prime targets for cyber criminals. Interestingly, however, the technical sophistication of a recent wave of attacks is rather modest at best. Scammers and fraudsters are engaging in a venerable form of identity theft, impersonating clients, especially high net worth clients, to effect withdrawals from their accounts.

The modern twist is that the cyber thieves start by hacking into e-mail accounts, searching for communications with securities brokerage and investment advisory firms. Then they send e-mails to the unlucky persons' financial advisors, requesting wire transfers of funds. The schemes succeed when financial advisors, brokers, investment advisors and/or broker sales assistants follow these fraudulent e-mailed instructions without follow-up or confirmation, such as by telephoning the client.

The Extent of the Problem: In 2014, the SEC surveyed 57 broker-dealer firms and 49 registered investment advisory (RIA) firms regarding cyber security. Among the brokerage firms, 88% experienced some sort of cyber attack in recent years, and 54% received fraudulent e-mails requesting money transfers. For the RIAs, the figures were 74% and 43%, respectively.

Compliance and risk management departments at major securities and investment firms typically have strong policies and procedures aimed at authenticating instructions from clients.

As a general rule, instructions of any sort (for trades, funds transfer, change of address, etc.) sent via e-mail, voicemail or text message are not honored.

Among the brokerage firms in the SEC survey that received bogus wire transfer requests via e-mail, 26% reported losses in excess of $5,000. Among all the surveyed brokerage firms that incurred losses, 25% laid the blame on employees who did not follow established procedures for verifying such requests.

In 2014, a Morgan Stanley financial advisor wired $521,500 pursuant to four fraudulent requests. In 2012, a Wells Fargo financial advisor wired $67,532 in response to two bogus e-mails. Both were fined and suspended by FINRA in January 2015, after previously having been fired by their firms. In 2014 alone, FINRA brought 37 cases concerning improper transfers of client funds to third parties.

Insurance: There is a growing market in cyber security insurance. However, among the firms surveyed by the SEC, only 58% of the broker-dealers and 21% of the RIAs hold such coverage. FINRA conducted a cybersecurity "sweep" of 19 firms in 2014, finding that 72% of them had this coverage, 61% through a separate policy and 11% via riders on other policies.

Source: "Cybercriminals Target Brokers," The Wall Street Journal, February 4, 2015.

Postscript: A complicating factor not mentioned in the article, but discussed with the author of this article by an employee of a leading Wall Street firm: especially sophisticated criminals have found ways to produce convincing imitations of a client's voice, thereby rendering telephonic communications suspect.

Related Issues: Also see our articles on data security in finance, financial fraud, affinity fraud and financial elder abuse.