Anyone who has experienced an email account intrusion or “hacking” knows how frustrating it can be to deal with the aftermath—from telling friends that you didn’t send the flurry of bogus emails they received to regaining access to a blocked account. In the most serious cases, a compromised email account can lead not only to identity theft, but also to theft of your money. That’s why one of the most important first steps you should take if your email account has been hacked is to notify your brokerage firm and other financial institutions.
The Financial Industry Regulatory Authority (FINRA) has received an increasing number of reports involving investor funds being stolen by fraudsters who first gain access to the investor’s email account and then email instructions to the firm to transfer money out of the brokerage account.
These frauds tend to follow a typical pattern. For example, in some of the instances FINRA has seen, the perpetrators appear to have obtained the investor’s brokerage information by accessing the investor’s email account and searching contact lists or emails in the “sent” folder. The fraudster then typically sends an email to the investor’s broker or brokerage firm (using the investor’s personal email account) with instructions to wire funds to a third-party account, often overseas. The instructions may be accompanied or followed by a fraudulent letter of authorization, which also is emailed from the compromised email account.
In some instances, firms have released funds after unsuccessfully attempting to verify emailed instructions by phone. In at least one case, the fraudulent email stressed the urgency of the requested transfer, pressuring the brokerage firm to release the funds before verifying the authenticity of the emailed instructions.
Tell-tale signs that you’ve been the victim of an email account intrusion include reports of spam from people in your “contacts” folder or a slew of “bounced” email messages from people you don’t know. You might find that your password or other account settings have been changed—or that your email provider has blocked you from accessing your account.
If your email account gets hacked—or if for any reason you think that your personal financial information has been stolen—immediately contact your brokerage firm and other financial institutions, including credit card issuers, to notify them of the problem. You should also notify the credit bureaus to put a fraud alert on your file.
For more tips on what to do if you believe your email account has been compromised, visit the FINRA "Protect Yourself" webpage by clicking here.