IIROC urges firms to be on the lookout for account hackers

By James Langton | March 30, 2020 | Last updated on March 30, 2020
2 min read
© erhui1979 / iStockphoto

Attempted client account intrusions are on the rise, according to the Investment Industry Regulatory Organization of Canada (IIROC).

In a bulletin to dealers, IIROC reported an increase in efforts to hack into clients’ accounts amid the Covid-19 outbreak and warned firms to ensure that they are on guard against this threat.

“[Dealers] should ensure that controls or processes put in place to prevent or detect possible account intrusions are operational and working as expected,” IIROC said.

These sorts of controls include real-time alerts, post-trade compliance reviews to detect abnormal trading patterns, two-factor authentication, blocking access to unfamiliar IP addresses and monitoring for IP addresses that are known to be fraudulent.

IIROC also advised firms to ensure that they have procedures in place to address potentially compromised accounts, including measures to suspend accounts, requiring clients to set new passwords or to create new accounts.

Additionally, IIROC called on dealers to alert it to any suspected account intrusions.

“This is important for IIROC to assess any potential harm to clients and/or market integrity,” IIROC said.

The warning about an increase in account intrusions follows an earlier advisory from the Mutual Fund Dealers Association of Canada warning about an increase in phishing attempts since the pandemic emerged.

IIROC is also warning firms about phishing and malware attacks, noting, “All text messages, emails, attachments, links and websites with coronavirus-themes should be treated with caution as they could contain malware or be part of a phishing attack designed to gain access to your network, personal information and assets.”

The self-regulatory organization also reminded firms about ensuring the security of home computers and mobile devices amid the shift to remote working arrangements.

“Avoid using unsanctioned or unauthorized devices or accessing unsecure websites or wireless connections,” IIROC said.

James Langton headshot

James Langton

James is a senior reporter for Advisor.ca and its sister publication, Investment Executive. He has been reporting on regulation, securities law, industry news and more since 1994.