October 30, 2020

Volume X, Number 304


October 29, 2020

Subscribe to Latest Legal News and Analysis

October 28, 2020

Subscribe to Latest Legal News and Analysis

October 27, 2020

Subscribe to Latest Legal News and Analysis

Cyber Attack Protection Steps for Investment Firms

We are spreading awareness of an email “spear phishing” scam that has targeted investment firms recently, attempting to lure their personnel into inadvertently revealing their email account credentials to criminal fraudsters, and making wire transfers to the criminal’s account instead of the intended account.

There has been a significant uptick in this scam against investment firms. We recommend that firms advise their personnel who are involved with wire transfers to:

  • Examine “reply to” email addresses carefully to verify that the email came from the exact email address of the person who purportedly sent it

  • Beware of emails that appear to be from someone the recipient knows, that link to a log-in page where the recipient is required to enter his or her username and password in order to access something

  • Beware of emails that change wire transfer instructions from what they had been in the past or anything abnormal about the wire transfer authorization process

  • Prior to initiating any wire transfer, confirm instructions by telephone with an authorized representative of the recipient

Firms are also advised to consider the legitimate emails that their personnel receive regularly that request passwords or authorize wire transfers, and to configure their email filters to block mimicked versions of those emails that are not from the email address that they should be from.

© 2020 Proskauer Rose LLP. National Law Review, Volume VII, Number 121



About this Author

Kristen J Mathews, Privacy, Data Security Attorney, Proskauer, Law Firm

Kristen J. Mathews is head of the Privacy & Data Security Group and a member of the Technology, Media & Communications Group.

Kristen focuses her practice on technology, e-commerce and media-related transactions and advice, with concentrations in the areas of data privacy, data security, direct marketing and online advertising. She regularly advises clients on a wide range of matters, including privacy and data security compliance, customer authentication, responding to data security breach incidents, preparing privacy and data security policies, data profiling, behavioral...