Protect Clients Assets
Protecting Clients Assets From Fraudulent Strategies And Techniques
Financial Services Professionals spend a great deal of time assisting their clients building and managing wealth. The Financial Services Professional has an obligation to keep the client aware of strategies and techniques used by dishonest people to defraud them of their wealth. Email Scams, and Phishing are the Online Terrorists. These fraud techniques are the growing threat to client assets and their wealth building efforts.
Phishing
They are scam artists that will send email to your clients falsely claiming to be an established legitimate business in an attempt to scam the client into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers. (Keep in mind that the business already has this information.) The purpose of the website is bogus and set up for only one purpose i.e. to steal the user’s information. This is known as phishing. The term phishing is a variant of fishing and refers to the use of increasingly sophisticated lures to “fish” for users' financial information and passwords.
Smart Money?
You would think that people with substantial assets and money would not be vulnerable right? They are smart…right?
Worth Magazine recently carried an article called “Gone Phishing”. The article revealed the findings of a recent survey by Gartner Technology Consulting based in Stamford, Conn. www.gartner.com
The Gartner report revealed:
- Wealthy Americans are receiving more scam emails, also known as phishing, and are taking the bait more often.
- High-income adults reported receiving an average of 112 phishing emails in the past year compared to an average of 74 for all Americans.
- Wealthy victims also reported losing an average of $4,362, nearly four times higher than the average for the general population.
Recognize Phishing Scams and Fraudulent E-mails
Advice from Microsoft
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.
What does a phishing scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.
They often include official-looking logos from real organizations and other identifying
The above is an example of a phishing e-mail message, which includies a deceptive URL address linking to a scam Web site
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.
How to tell if an e-mail message is fraudulent
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.
"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.
Example of masked URL address
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "
www.microsoft.com" could appear instead as:
- www.micosoft.com www.mircosoft.com www.verify-microsoft.com
Use Microsoft products and services to help warn and protect you from online scams
Install the Microsoft Phishing Filter using Internet Explorer 7 or Windows Live Toolbar . Phishing Filter helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites. Learn more about how to get Phishing Filter .
Install up-to-date antivirus and antispyware software . Some phishing e-mail contains malicious or unwanted software that can track your activities or simply slow your computer. Try new antivirus and comprehensive computer health services like Windows Live OneCare. To help prevent spyware or other unwanted software, download Windows Defender
To learn more, read How to handle suspicious e-mail. If you believe you may have already provided personal or financial information in response to an e-mail message, read What to do if you've responded to a phishing scam.
World Trade Center
Defense Systems a.k.a. Business Continuity Planning
The financial community has clear direction from the regulatory agencies for business succession planning. The terrorist attacks on September 11, 2001 demonstrated the need for greater business continuity planning at the industry level and within individual organizations, securities firms, and service providers.
Consider the following business continuity planning:
NASD Business Continuity Planning
Business Continuity Planning: National Association of Securities Dealers-NASD Rules 3510 and 3520 require firms to create and maintain business continuity plans (BCP) to use in the event of a significant business disruption. www.nasd.com
Securities Industry Association –SIA Business Continuity Planning
SIA's Business Continuity Planning Committee includes 80 firms, industry utilities, exchanges, and other organizations that provide clear guidance for greater business continuity planning at the industry level and within individual organizations, securities firms, and service providers.
NASD Small Introducing Firm Business Continuity Planning Template
NASD provides a template as an optional guide to small introducing firms to assist them in fulfilling their need to create and maintain business continuity plans (BCPs) and emergency contact person lists under NASD Rules 3510 and 3520. The template recognizes that many small introducing firms rely on parts of a clearing firm’s BCP for many of the mission critical functions of the introducing firm. The template also contains instructions, relevant rules and Web sites, and other resources that are useful for developing a BCP for a small introducing firm.
Example: BCP Disclosure Statement for Introducing Firms with a Clearing Firm Arrangement.
NAICThe National Association of Insurance Commissioners (NAIC) which is the organization of insurance regulators from the 50 states, the District of Columbia and the four U.S. territories has information of business succession planning for insurers. Since each state operates a little different, the plans or strategies are not uniform. The NAIC does provides a forum for the development of uniform policy when uniformity is appropriate.
Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security
To foster and facilitate the coordination of financial services sector-wide voluntary activities and initiatives designed to improve
Critical Infrastructure Protection and Homeland Security.
Disaster Recovery Institute Disaster Recovery Institute
DRII sets standards that provide the minimum acceptable level of measurable knowledge, thus providing a baseline for levels of knowledge and capabilities in disaster recovery.
Source: NOAA CONDUCTS MORE FLIGHTS OVER WORLD TRADE CENTER SITE-October 30, 2001 ...LIDAR images of ground zero rendered Sept. 27, 2001 by the U.S. Army Joint Precision Strike Demonstration from data collected by NOAA flights. NOAA/U.S. Army JPSD-
Threat Advisory for the Nation.
Homeland Security Advisory System
The Homeland Security Advisory System is designed to target our protective measures when specific information to a specific sector or geographic region is received. It combines threat information with vulnerability assessments and provides communications to public safety officials and the public
Caution! The above is a sample and may not represent the actual current
Get current and updated Homeland Security and State Department information
Help For Fraud or ID Crime Victims
If you feel your rights as a client or customer have been violated, please consider notifying one or more of the applicable agencies:
The Big Three Credit Reporting Companies
Contact the nation’s largest credit reporting companies if you suspect you have been hit by Identity Theft.
Special Note: The Fortress shown above is the Bodiam Castle And Moat - England