I was at an industry conference last week, and a good deal of time was spent talking about how fraudsters are targeting the business that I am in, and thereby my clients. An example was given about how a financial advisor received an e-mail from his largest client, asking for a relatively small ($10,000) wire to invest in a real estate opportunity, and wire instructions were given. The way the e-mail was structured looked exactly like the way that the client typically talked and e-mailed his financial advisor, so the advisor thought nothing of it, and processed the wire.
Unfortunately, the e-mail was not from the client. Someone had hacked into the client’s e-mail, likely did a search for terms like “investment”, “financial”, etc., and found correspondence between the advisor and the client. The hacker then crafted an e-mail, using the same way of speaking as the client normally typed when corresponding with the advisor, and asked for a wire (note: this is different/riskier than a simple transfer to an existing checking account). The result was that the advisor had to cover the $10,000 loss.
The very next day, I received this e-mail from American Express. Note how normal and non-threatening it looks, and it simply tells me that I had a transaction that went over my notification amount. The only problem is, I know that I haven’t used my American Express card in months, so I was immediately concerned. The easy thing for me to have done here would have been to click on the “View recent activity” link, log in to my account, and see what was going on. Knowing of potential fraudsters out there, I didn’t do that. I instead went to my internet browser, typed in www.americanexpress.com, and logged in from there. To my relief, I showed a $0 balance. Had I, though, clicked on the link in the e-mail, it would have taken me to a website that looked JUST LIKE the American Express website, where I would have proceeded to log in, and then the fraudsters would have my login information, allowing them to then make real charges.
My point today: be aware of fraudsters. If you get an e-mail from your bank, brokerage firm, insurance company, PayPal, e-mail provider, or even social media sites, and they want you to click a link to verify something that seems out of the ordinary, it is FAR better to instead go to your browser, type in (or Google, if you don’t know it) their website, and log in from there. It may take a little more time, but it will save you a lot of time and headache.
Happy Monday, and be safe out there!