U.S. securities regulators are warning of email hack attacks against brokerage clients.

The U.S. Financial Industry Regulatory Authority issued the alert Thursday, indicating that it has received an increasing number of reports of investor funds being stolen by fraudsters who first gain access to an investor’s email account and then email instructions to their brokerage firm to transfer money out of their account. It warns investors about the potential financial consequences of a compromised email account and provides tips for safeguarding assets.

FINRA has also issued a regulatory notice to firms highlighting some of the risks associated with accepting instructions to transmit or withdraw funds via email, and recommending that firms reassess their policies and procedures to ensure they are adequate to protect customer assets from these sorts of risks.

Among other things, in the notice, FINRA recommends that firms’ policies and procedures should: include a method for verifying that an email was in fact sent by a customer; and, be designed to identify and respond to ‘red flags’, including transfer requests that are out of the ordinary, requests that funds be transferred to an unfamiliar third party
account, or requests that indicate urgency or otherwise appear designed to deter verification of the transfer instructions. It also stresses that firms must train their employees to follow these sorts of policies and procedures rigorously, and that firms should use random sampling and testing of transfers and withdrawals to monitor for compliance.

“Investors who suspect that their email account has been hacked should immediately notify their brokerage firm and other financial institutions, and anyone who suspects they have been defrauded should file a complaint with FINRA,” said Gerri Walsh, FINRA’s vice president for investor education.

A joint fraud alert has also been issued by the Federal Bureau of Investigation, Financial Services Information Sharing and Analysis Center, and Internet Crime Complaint Center, that describes a similar trend in which hacked email accounts are being used to facilitate wire transfers.