Fraudsters duped Canadians out of $569-million last year, up from $383-million in 2021, according to the Canadian Anti-Fraud Centre. These cases span everything from sextortion, in which fraudsters threaten to publish lurid pictures of their victims, to fake cryptocurrency investments.
Wealth management firms and their advisors see the aftermath of many frauds close up. Some, such as Toronto-based Richardson Wealth Ltd., have even managed to thwart scammers at the last minute.
Scott Stennett, vice-chair at the firm, recalls a situation in which one of its clients was negotiating the purchase of a property in Costa Rica. The client received an e-mail from their realtor requesting $1-million to secure the deal from a competitive offer. The client instructed Richardson Wealth to wire the funds.
Only later, when the client tried to follow up with the realtor did they discover the truth: the scammer had compromised the realtor’s e-mail account and sent a fraudulent e-mail.
The client called Richardson Wealth immediately and the firm managed to retrieve the wire transfer with seconds to spare.
“We high-fived in the office,” Mr. Stennett says. “The bad actors were probably trying to access the funds just as we were taking them back.”
Attacks such as these are increasing. The Ombudsman for Banking Services and Investments’ (OBSI) 2023 annual report found that fraud accounted for 40 per cent of all its banking-related cases, up from 31 per cent in 2022 and 22 per cent in 2021.
Fraud has also taken off in the investment sector, accounting for 15 per cent of investment complaints in 2023, up from just 1 per cent in 2021, according to OBSI. Most of it relates to cryptocurrency scams.
Larry Keating, founder of Markham, Ont.-based cybersecurity company NPC DataGuard, wrote the mandatory self-assessment questions for the Mutual Fund Dealers’ Association of Canada before it merged with the Investment Industry Regulatory Organization of Canada to form the Canadian Investment Regulatory Organization (CIRO). He isn’t surprised that fraud is so rife in the financial sector.
“More so than even health care, financial advisory and insurance companies are the honey pots,” he says, pointing out that attackers flock to where the money is.
In the past year alone, Mr. Stennett says there’s been a 100-fold increase in phishing attacks on Richardson Wealth, in which criminals try to dupe employees into disclosing their account credentials, which can be a gateway into customer accounts.
Savvy wealth management companies have systems in place not only to detect and stop such attacks but also to spot the use of stolen credentials if they’re compromised. For example, Richardson Wealth has systems that scan for suspicious account login activity.
Attacks on clients
As wealth management companies improve their protections, cybercriminals are targeting clients increasingly using innovative techniques such as malware or phishing to compromise a client’s e-mail inbox.
“The clients keep everything in those mailboxes, including sometimes the account opening documents,” Mr. Stennett says. “In the deleted trash basket, there could be all sorts of valuable things such as signature copies.”
Other techniques, which the Ontario Security Commission’s (OSC) Investor Advisory Panel (IAP) highlighted in its 2023 report, include affinity fraud. That’s where scammers use their connections within a specific cultural, religious or ethnic group. One infamous example is convicted fraudster Bernie Madoff’s exploitation of the Jewish community when running his Ponzi scheme.
Another more technical scam involves deep fakes, which are digital audio or video impersonations of people generated with artificial intelligence. Criminals now use these to target organizations, as was the case with two U.K.-based multinationals in early 2024. Both were scammed through employees in the company’s Hong Kong office by a crook using deep fakes of the companies’ chief financial officers.
More worrying to clients of wealth management firms is the use of deep fakes to target the public. These attacks, also called out in the OSC IAP report, use fake videos of public figures to sweep up victims. Many are elderly, such as Elizabeth Bakos of Toronto. She lost $750,000 to scammers in 2022 after being fooled by a deep fake video of Elon Musk.
What to tell your clients
Advisors can help protect their clients with simple advice on how to navigate digital channels.
“On any material amount, you verify it by phoning the number of the valid counterparty,” Mr. Stennett says. For example, in the case of the Costa Rica scam he cited, the client should have phoned the realtor’s number and ensured the original e-mail was legitimate before initiating the transaction.
A robust relationship with clients is also crucial, says Milad Sakiani, vice-president of IT operations at Vancouver-based Nicola Wealth Management Ltd. The advisor should be the go-to person before making any investment.
“Before moving money, you’re making an investment check with the expert and getting their thoughts on it,” says Mr. Sakiani, adding that having a low advisor-to-client ratio helps wealth management firms provide that attention.
The other value-added service advisors can provide is a regular security bulletin that warns clients of scams to watch out for. This will help make them aware of emerging tactics before they get hit.
One such scam gaining traction is known as “pig butchering.” It’s a variation of the romance scam, a long-standing technique in which fraudsters pose as love interests online and gradually ask their victims to send them money in advance of a meeting that never transpires.
Pig butchering scammers don’t ask for money directly. Instead, after gaining a victim’s confidence, they recommend investing in fraudulent cryptocurrency investment platforms that disappear when the target has been drained. One such victim, 62-year-old farmer Dennis Jones, committed suicide after losing his fortune.
For more from Globe Advisor, visit our homepage.