Identifying the threat
Hardware issues aside, Hancock says that the biggest cyber threat currently is business email compromise, in which an email account is hacked and payment details are altered. “Increased reliance on email, with a reduction in personal interaction, is behind this growth. Picking up the phone to check an instruction might not be as easy – either because calls aren’t being diverted, you’re not sure whether someone’s available, or you might even be reluctant to use your home phone.”
Fiduciaries can make an especially tempting target for this type of cyber attack. Firstly, they have a large network of clients, many operating multiple accounts, and secondly, the payment instruction is a step removed from the banking industry’s rigorous processes.
“What we’re actually seeing is that attacks are occurring not on the fiduciary itself, but on its clients and their suppliers,” says Hancock. “So typically, your client receives an email payment instruction from a supplier who has been compromised. The most successful scams now are where genuine email invoices/requests are intercepted and amended rather than new emails created. This immediately provides false comfort as you, or your clients, may be expecting the invoice.
“With your client instructing you to pay it, you then instruct the bank. Even if the bank follows its procedures to verify that instruction from you, it will check out. What we need fiduciaries to do is verify the instruction by following a similar call-back process with their client to check the original payment instruction (amount and beneficiary) was genuine, not just that a payment request was sent.”