RIA Compliance and Practice Management Blog

How RIA Firms Can Train Staff to Detect a Phishing Email

Posted by RIA in a Box

Dec 12, 2018 11:36:18 AM

With increased sophistication around phishing emails, it is more important than ever to make sure your staff is properly trained on how to identify a potentially fraudulent phishing email. Even for advanced users, targeted phishing emails are becoming harder to detect. To start, it is important for registered investment adviser ("RIA") firms to have a cybersecurity policy in place. However, a policy alone is not enough: it is imperative that firms train all staff on how to identify a phishing email to protect sensitive internal information and client data.


Here are a few common tips on how to detect a phishing email:

  1. Don't trust the sender display name: A common phishing tactic is to spoof the display name of the sender. When in doubt, check the email address in the header. If the sender email address does not match the display name, don’t open the email.
  2. The email address is valid but something looks suspicious: It's possible a client's or third-party vendor's email account has been compromised. Trust your instinct, and if the context of the email seems a bit off or the individual has not recently emailed you, be sure to exercise great caution.
  3. Don't click on links contained within an email: If the email contains any embedded links, hover your mouse over the link and review the website address. If the link does not match the sender's URL, do not open it. If you'd like to view the embedded link, simply open a new browser tab and manually search for the link in your browser.
  4. Check for grammatical and spelling errors: Often, a phishing email will contain a grammatical or spelling error. Be sure to carefully review the content of unsolicited or unexpected emails.
  5. Don't download any attachments: Oftentimes, attached documents in phishing emails contain viruses or act as a way to deliver ransomware. Don’t ever open any email attachments you weren’t expecting. If you are expecting an attachment via email from a client or vendor but have doubts about the email, always call the client or vendor at a previously known valid phone number to confirm they actually sent an email with the attachment in question.
  6. Don't fall for urgent and action item subject lines: Another common phishing tactic is an urgent subject line requiring you to take immediate action. For example, "Action Immediately Required" or "Urgent: Password Needs to be Updated!"
  7. No personal information should be sent via email: If you receive an email requesting that you enter your personal credentials via email, don't. Always open a new browser tab and log in directly on the site.
  8. Most important of all - If a mistake is made with such an email, ensure that staff is trained and comfortable immediately reporting the incident in order to contain and mitigate the potential damage.
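
Tips 1, 3 and 6 can also be checked mechanically, for instance when building training samples or triaging reported messages. The following is an added example, not part of the original post; the address book, function names, flag labels and `.example` domains are assumptions made for illustration, and the body is assumed to be single-part HTML.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical address book: display name -> address the firm has on file.
KNOWN_CONTACTS = {"jane doe": "jane.doe@client.example"}
URGENT = re.compile(r"urgent|immediately|action required", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname, scheme optional
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_flags(raw):
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and expected != addr.lower():  # tip 1: name vs. real address
        flags.append("display-name-mismatch")
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # single-part HTML body assumed
    if any(LOOKS_LIKE_URL.match(text) and host(text) != host(href)
           for href, text in parser.links):  # tip 3: shown URL vs. real target
        flags.append("link-mismatch")
    if URGENT.search(msg.get("Subject", "")):  # tip 6: pressure wording
        flags.append("urgent-subject")
    return flags

# Constructed sample message, not taken from a real incident.
SAMPLE = """From: "Jane Doe" <jane.doe@client-mail.example>
Subject: Urgent: Password Needs to be Updated!

<a href="http://login.portal-verify.example/reset">https://portal.custodian.example</a>"""
```

Running `phishing_flags(SAMPLE)` raises all three flags; a message from the address on file whose link text and target share a host raises none.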

Unfortunately, RIA firms remain a prime target for email phishing and other related cybersecurity attacks given the sensitive client information that firms may have access to. Furthermore, email phishing attempts continue to grow more targeted and sophisticated. Investment advisory firms need to recognize the risk such attacks present and actively address it through proper system design and frequent staff training.


Topics: RIA Operations, RIA Technology

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.
