- "Business-email compromise" scams target financial services firms and their clients through phishing.
- A successful attack nets an average $130,000 loss per scheme.
- Between 2013 and 2016, these schemes have resulted in a total dollar loss of $5.2 billion.
If you get an email from a seemingly trusted source asking you to wire some money or share some sensitive information, it might be best to hit the delete button.
That email just might be a phishing attempt in a business-email compromise scheme, or BEC — a new scam that's resulted in a $5.2 billion loss between Oct. 1, 2013, and Dec. 31, 2016, according to the Federal Bureau of Investigation.
This latest twist on ripoffs was the subject of a Wednesday panel at TD Ameritrade's National LINC conference in Orlando.
"Your firm is always at risk," said Stephen Dougherty, a panelist and financial fraud investigator with Firebird Analytical Solutions & Technologies.
Hackers who excel at this scam are well rewarded for their efforts. A successful attack averages a $130,000 loss per scheme, according to Dougherty.
In comparison, a traditional bank robbery averages a $3,816 loss per successful act.
This is how hackers exploit advisors and their clients.
Hackers find ways to break through companies' defenses. For instance, a crime ring might gather information on a business and attack employees through phishing emails.
Crooks may impersonate clients in an attempt to fool employees at the firm into wiring money to them. See below for an illustration.
Firms that have fallen victim to ransomware attacks — wherein a hacker will take possession of data and hold it for a specified amount of money — tend to get burned twice.
"They don't just hold your data, they parse through it and exploit it later," said Dougherty.
Firms that were victims of business-email compromise schemes were often victims of ransomware attacks just months earlier, he said.
Though local, state and federal law-enforcement authorities may collaborate to pursue schemers, the firm itself is often its own first line of defense.
See below for tips on how to safeguard yourself against a data breach.