Wealth Think

Cyberattack punch list: First aid for digitally defrauded clients

When it comes to sensitizing clients to cybersecurity threats, current events can drive home the urgency of mounting defenses against cyberattacks. A recent example is Russia's malicious cyberattacks against Ukraine which, according to U.S. agency reports, have included attacks on energy sources, supply-chain interruptions and financial data theft. Such assaults drive home the danger of digital crimes that can extend far beyond any one nation's borders.

Eric Sontag
Eric Sontag is president and chief operating officer of Wealthspire.
James Fritz
James Fritz is chief information security officer of NFP.

While prevention of such attacks is the ideal, when a distraught client calls and tells you they fear — or know — the worst has happened, quick and decisive action is crucial. Acting as first responder, here is how to advise clients on a variety of situations — beginning with the correct authorities to contact for more detailed guidance.

Your client suspects identity theft

  • Counsel them to place a fraud alert or credit freeze on their accounts, after which they should contact any vendor, bank or institution directly affected. Then contact the FTC and file an Identity Theft Affidavit and create an Identity Theft Report. Reports can be filed by calling (877) 438-4338 or going to IdentityTheft.gov.
  • Armed with these documents they should contact local law enforcement and file a police report. 
  • If your client's Social Security number is compromised, they should contact the Social Security Administration at (800) 269-0271 and the IRS at (800) 829-0433.
  • If some or all of the theft or fraud has been committed via mail, or if any fraudulent change-of-address forms are discovered, contact the Postal Inspection Service, the law enforcement and security branch of the postal service. 

The client's computer has been compromised

  • Advise them not to shut down or restart the device, since doing so risks the further complication of not being able to turn it back on. Instead, immediately disconnect the device from the internet, whether via Wi-Fi or a physical plug. These steps are important in stopping possible data loss and/or a potential attack from migrating from the affected computer to another device in the environment.
  • Unplug any external drives connected to the device, especially if the external drive contains backup data. Clients should take note of any sites they were logged into when the event occurred, as a cyberattacker is likely seeing exactly what your client is able to see on the screen. They should then log into those sites from a separate computer and, at a minimum, monitor them for any suspicious activity. 
  • To further protect accounts, clients should reset passwords and enable multifactor authentication, if not already enabled. Advise clients to run a malware removal tool if they have one. If they don't, they can reconnect to the internet and download one here

The client's computer has been encrypted by ransomware

  • If this occurs, the client will likely be cut off from access to their computer and therefore unable to remove the ransomware or access any data backups. At this point, they have a decision to make: either pay the ransom or don't. If they have good backups of all their data, they may opt not to pay the ransom. Instead, they can wipe the affected device and restore the data, which should result in minimal to no loss.
  • If they don't have good backups and the data on the machine is too valuable to lose, paying the ransom may be the best option. However, the client should understand that paying doesn't guarantee they will be able to fully recover the data. Attackers don't always play fair and even after receiving the money they might not provide the right key, or any key at all, or the key might fail while decrypting the device. 
  •  Once the machine is back up and running, advise them to install a good anti-malware tool.

Your client's password(s) have been compromised 

  • If they are receiving multifactor authentication requests that they did not request, or they notice abnormal logins to an account, clients should assume that their credentials have been compromised.
  • Instruct them to deny any MFA requests they receive, then to log in to the site and immediately change the password. When doing so choose the option — if it appears — to force all current sessions to sign out immediately in order to thwart a bad actor who might already be logged into the account.
  • Going forward, clients should be on the alert for further signs of abnormal activity or sign-ins. Given that email addresses are the most common usernames for websites and applications, discourage them from using the same password for multiple accounts. Utilizing a password manager can help efficiently maintain a larger volume of unique and complex passwords. This tool can help identify if account credentials have been affected by a previous compromise.

Eternal vigilance cheat sheet

Prevention is always preferable to a cure. Instilling ongoing awareness of cyber crime in your clients can reduce the odds of you receiving a panicked call. Here are key areas to act upon.

  • Reinforce everyday precautions: Here's a refresher on best practices for everyday web usage.
  • Raise awareness of common cybersecurity threats: Phishing attacks, domain spoofs and watering holes are three common hacking techniques, but there are other methods that can be easily identified.
  • Highlight early warning signs of identity theft: Given the volume of personal data that lives online, clients may be unaware of identity theft until significant damage has been done. Learn more about helping clients prevent and deal with identity theft.
  • Educate clients about investment-related scams: Your clients should know that cyberattacks are not limited to identity theft and data breaches, but can also involve fraudulent investment products or financial advice. The SEC publishes bulletins on a regular basis updating the public on new and ongoing scams along with resources for combatting and reporting them.
  • Ensure offline information also remains secure: Although it seems like stating the obvious, instruct clients to keep all financial documents, personal records and valuable items in secure locations at home or in safe deposit boxes.
For reprint and licensing requests for this article, click here.
Technology Practice and client management Cyber security Fraud Ransomware Malware
MORE FROM FINANCIAL PLANNING