Amid a rise in online investing and the proliferation of mobile trading apps, the U.S. Financial Industry Regulatory Authority Inc. (FINRA) is seeing an increase in brokerage account breaches too.
FINRA said that reported incidents of criminals attempting to take over clients’ accounts using stolen login information are on the rise.
While these kinds of attacks have long been an issue, FINRA said their frequency has increased as firms have been forced to operate remotely due to the Covid-19 pandemic, more firms provide online accounts, and more investors trade through mobile apps.
“Bad actors have taken advantage of these conditions to attempt [account takeovers], often through common attack methods such as phishing emails and social engineering attempts,” it said.
At the same time, FINRA suggested that the rise in these kinds of attacks may also be enabled by the increased availability of stolen login credentials on the dark web, along with the development of tools to automate these intrusions, “using mobile emulators to mimic mobile devices that have been compromised to access thousands of online brokerage accounts.”
To address the rise in account intrusions, FINRA said it recently held a roundtable with various firms to discuss strategies for preventing, detecting and dealing with these sorts of attacks.
In a notice to firms, it set out the results of that roundtable, including common challenges that firms have in protecting clients’ accounts and best practices for addressing these threats.
Along with using multi-factor authentication to better establish clients’ identities, firms are also deploying back-office controls to detect suspicious activity, and even scanning the dark web themselves for signs that their clients’ accounts may be compromised.