During busy periods, you and your clients should naturally be more cautious about potential fraud and scams, as cybercriminals often use the increase in legitimate activity as cover for their actions.
Compromised email addresses are becoming increasingly common, and the Information Commissioner’s Office has confirmed that phishing is one of the most frequently used types of cyber security attack.
This is something to be very wary of – particularly at a time when you and your clients may be looking to arrange payments which could involve sending bank details through email. Here are a couple of examples of how this kind of crime could work in practice:
Example 1
An adviser contacts AJ Bell to request a £40,000 payment from their client’s SIPP.
When AJ Bell responds to this, they receive an email back – seemingly from the same adviser – asking them to change their bank details at the last minute.
Example 2
Shortly after this, a second email is sent from the ‘adviser’ to inform the client that the bank details have changed. New details are provided, which are linked to a fraudster’s bank account.
Any request to change bank details could be an indication that the email chain has been intercepted – even if the message appears to have come from the correct email address. If this happens, the best course of action is to call the client or organisation on a trusted contact number and verify the request.
Always double check email addresses to see if they exactly match your contact’s usual address, and that none of the letters or numbers have changed. If anything is different, this could indicate that the email has been spoofed.
Here are some additional steps that you can take to protect yourself and your clients from fraud over the tax year end period:
1. Be wary of unsolicited contact. If you receive unexpected emails, phone calls, or messages asking for personal or financial information, be cautious. Scammers often pose as banks, HMRC, or other trusted organisations.
2. Verify requests. If someone asks for sensitive information, verify their identity before responding. Contact the client or organisation directly using a known phone number or email address, not the contact details provided in the message. If you are discussing bank or payment details, it’s best to call the client or organisation on a trusted number.
3. Use strong passwords. Ensure your online accounts have strong, unique passwords. Avoid using easily guessed passwords like ‘password123’ or ‘123456’.
4. Enable two-factor authentication. Where possible, enable two-factor authentication (‘2FA’) on your accounts. This adds an extra layer of security by requiring a second form of identification. You can find out how to add this to your AJ Bell Investcentre account, here.
4. Keep software updated.
Make sure your computer, smartphone, and any other devices have the latest security updates installed. This helps protect against malware and other security threats.
5. Be cautious with links and attachments. Avoid clicking on links or downloading attachments from unknown or suspicious sources. These may contain malware that can steal your information.
6. Monitor your accounts. Regularly check your bank and investment accounts for any unusual activity. If you spot something suspicious, report it immediately.
7. Educate yourself and others. Stay informed about common fraud and scam tactics, and share this knowledge with friends, family, and clients. Awareness is a key defence against fraud.