Protect Against Phishing Attacks

Simulated phishing attacks can identify holes in advisors' security practices before real attacks are encountered.

Bill Winterberg, 05/09/2013

As more financial applications and services move online, financial advisors manage an ever-increasing number of logins and passwords that are used to gain access to websites of all kinds. Hackers are well aware of this trend, so instead of attempting to break military-grade encryption or hack into well-defended servers, hackers are going after easier targets: people who type in their credentials online.

Hackers are using sophisticated techniques to fool unsuspecting users into turning over their login credentials in schemes commonly known as phishing attacks. Financial advisors likely aren't aware of how vulnerable their business is to a phishing attack until after the attack is committed and the damage is done.

Fortunately, advisors can deploy simulated phishing attacks to determine their vulnerability to such events before they happen and make sure colleagues and employees adhere to good security practices.

Phishing for Billions
If you weren't watching the equity markets in real time on April 23, you may have missed five minutes of brief turmoil. At 1:07 PM Eastern Time, a tweet was posted from The Associated Press Twitter account declaring a bomb had exploded at the White House and President Barack Obama had been injured. The Dow quickly dropped nearly 150 points, but largely recovered just a few minutes later after The Associated Press reported its Twitter account had been hacked.

How did the Twitter account get hacked? According to The AP, the attack was preceded by phishing attempts on AP's corporate network. Several AP staff received "an impressively disguised phishing email" prior to the posting of the fake tweet.

While the attack may have been nefarious in nature, the consequences of the event were very real. The brief sell-off in the wake of the false tweet erased some $130 billion in value among companies included in the S&P 500 before equities rebounded shortly thereafter.

If this kind of attack can have such a significant impact on the equity markets, imagine what can happen if a financial advisor's login to his or her investment custodian website is compromised.

Prepare for the Real Thing
Financial advisors are required by law to routinely test their policies and procedures in a number of business areas, including disaster recovery and business continuity plans. Testing such policies and procedures ahead of a real emergency can reveal problems and weaknesses in the plans so that steps can be taken to improve the business's ability to respond when a true interruption occurs.

Bill Winterberg, CFP, is a technology and operations consultant to independent financial advisors. His comments on technology have been featured in a variety of financial industry publications. You can view more information about Bill and see his schedule of upcoming speaking engagements at his Web site, FPPad.com. The author is a freelance contributor to MorningstarAdvisor.com. The views expressed in this article may or may not reflect the views of Morningstar.

©2017 Morningstar Advisor. All rights reserved.