Amid growing concerns among securities regulators about the threat of email hack attacks, the New Brunswick Securities Commission Wednesday issued an investor alert detailing how investors can tell whether they’ve been victimized.
The NBSC reports that securities regulators in the U.S. and Canada have seen a number of cases involving investor funds being stolen through hacked email accounts. The U.S. Financial Industry Regulatory Authority also recently issued an alert warning about fraudsters who first gain access to an investor’s email account and then use that access to make unauthorized trades and account transfers.
“Tell-tale signs that you’ve been the victim of an email account intrusion include reports of spam from people in your contacts folder or a slew of bounced email messages from people whom you don’t know,” the NBSC says in its alert. “You might find that your password or other account settings have been changed – or that your email provider has blocked you from accessing your account.”
For investors that suspect they have been hacked, the NBSC says that one of the most important first steps to take is to “notify your investment adviser, investment firm and other financial institutions”.
It recommends that investors then scrutinize their accounts for unauthorized transactions – especially withdrawals or wire transfers to an unknown account – and ask their firm to investigate if they find any. While this investigation takes place, it recommends that investors change their username, password and personal identification number for their financial accounts, as well as changing the email password.
FINRA also issued a regulatory notice to firms highlighting some of the risks associated with accepting instructions to transmit or withdraw funds via email, and recommending that firms reassess their policies and procedures to ensure they are adequate to protect customer assets from these sorts of risks.