Impersonation fraud in the financial sector is on the increase, with financial advisers being unknowingly used to facilitate the frauds. ABI members have reported cases where advisers are receiving instructions that appear to have been sent from a genuine client's email address, but which in reality have come from fraudsters that have hacked, or 'spoofed' email accounts. The instructions request that funds be encashed/transferred into an account (or accounts) controlled by the crime group. If the initial request is successful, criminals have been known to repeat transfer requests to fund a number of different accounts. Particular vigilance is needed if the communication received by an adviser from someone, purporting to be the customer, provides new bank details.
Life companies are tightening up their controls where possible, but there remains a dependency on financial advisers also being diligent and verifying that they are dealing with the genuine client when they receive instructions to act.
This type of fraud is generally successful where the fraud controls employed by the financial adviser prior to acting upon the request are not as strong as they might be. Advisers that accept instruction online should consider strengthening verification controls to ensure that clients are protected from this criminal activity. Controls that are worth considering could include: