E-mail Hacking and Fraud: Why it Matters to Investment Advisors

Cynthia Chu, Director, Advisor Services

Huong Nguyen, Compliance Analyst, Legal & Compliance

For Advisor Use Only — Not For Distribution

© 2013 LWI Financial Inc. All rights reserved. The material in this communication is provided solely as background information for registered investment advisors and is not intended for public use. Unauthorized copying, reproducing, duplicating or transmitting of this material is prohibited. LWI Financial Inc. (“Loring Ward”) is an investment advisor registered with the Securities and Exchange Commission. Securities may be offered through Loring Ward Securities Inc., an affiliate, member FINRA/SIPC. IRN R 13-134 (Exp 5/15)


Agenda

• Overview of the issue

• The Devil is in the Details & Red Flags

• Statistics that will alarm you

• Real life examples

• Ramifications and failures of diligence

• Regulatory reporting

• Best practices


Overview of the Issue

• Malware

• Phishing

• Social Engineering

• Identity Theft


The Devil is in the Details

Understanding How it Works

• Fraudster hacks client’s email account

• Account taken over and monitored, or fraudster creates nearly identical email account

• Fraudster emails advisor wire request

• Advisor forwards to Loring Ward or custodian

• Custodian processes wire

• Funds leave client’s account

• Client & advisor become victims of wire fraud

Fraudster may have access to the client’s:

• Personal documents

• Signature

• Writing style

• Account information


Red Flags

• Originating e-mail address is not the client’s true e-mail.

– Example: [email protected] vs. [email protected], [email protected], [email protected]

• Wire request is urgent and to a third party, including a sympathy ploy.

• Fraudster states he or she is unavailable by phone.

• Emails are riddled with spelling and grammatical mistakes.

• The signature on the wire letter identically matches a previous LOA.

• Consecutive wire requests in small amounts over a short period of time.

• Email requesting account balance information followed immediately by a request to wire out all or a portion of the cash balance.
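The first red flag, a sender address that is close to but not the same as the client's, can be checked mechanically. The sketch below is an added example, not part of the original presentation; the addresses are constructed on reserved example domains, and `classify_sender` with its two-edit threshold is an assumption for illustration.

```python
from email.utils import parseaddr

ON_FILE = "jane.doe@example.com"  # constructed address of record for the client

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, on_file: str, max_edits: int = 2) -> str:
    """Compare the address in a From header with the client's address on file."""
    _, sender = parseaddr(from_header)
    sender, on_file = sender.strip().lower(), on_file.strip().lower()
    if "@" not in sender:
        return "unparseable"
    if sender == on_file:
        return "match"
    s_local, _ = sender.rsplit("@", 1)
    f_local, _ = on_file.rsplit("@", 1)
    # Same mailbox name at another provider, or only a few characters changed
    if s_local == f_local or edit_distance(sender, on_file) <= max_edits:
        return "lookalike"
    return "different"

if __name__ == "__main__":
    # Constructed From headers, not taken from the presentation
    for header in ["Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.d0e@example.com>",
                   "Jane Doe <janedoe@example.com>",
                   "Jane Doe <jane.doe@example.net>",
                   "billing@example.org"]:
        print(f"{classify_sender(header, ON_FILE):10} {header}")
```

A `match` result is not clearance: when the client's real mailbox has been taken over, the request arrives from the true address, so verbal verification still applies.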


Wire Fraud Statistics

• FBI statistics as of December 2011:

– $23 million attempted fraud reported nationwide

– $6 million in actual victim losses

• TD Ameritrade statistics as of September 2012:

– 741 fraudulent wire instructions reported

– $25 million attempted fraud

• AOL, Yahoo, and Gmail accounts are the most compromised


Wire Fraud Statistics

[Chart not reproduced]

Source: TD Ameritrade


Real Life Examples

• “Unfortunately, I can’t call you. I’m currently heading out of town… and getting online seems to be patchy.”

• “I will like to inform you that am on my way to my nephew’s funeral that passed on yesterday night. I have some outstanding urgent wire transfer which i need you to complete today with an exception, for an urgent business purpose.”

• “I need you to email me all the cash available balances with wiring instruction for domestic and international wire.”

• “I will be very busy today and my phone will not be available but I will frequently check my email for your response.”


Ramifications

• Monetary

• Reputational

• Security

• Regulatory


Enforcement Case

• Merrill Lynch, Pierce, Fenner & Smith Incorporated (CRD #7691, New York, New York) submitted a Letter of Acceptance, Waiver and Consent in which the firm was censured and fined $450,000.

– Failed to establish adequate supervisory control system

– Failed to include a policy or procedure requiring a review to detect or prevent multiple transmittals of funds from multiple customers going to the same third-party accounts

– Failed to include exception reports that would have identified multiple customer wires going to the same third-party account

– Consequently failed to detect that a registered representative had initiated fund transfers totaling approximately $887,931 out of customer accounts to bank accounts he controlled

– Registered representative barred from the industry and firm required to repay each customer (FINRA Case #2010022652202)
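The missing control in this case, an exception report that surfaces wires from multiple customers to the same third-party account, can be sketched as follows. This is an added example, not part of the original presentation or of any firm's system; the wire log, account numbers, 90-day window and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed wire log: (date, customer account, beneficiary routing no.,
# beneficiary account as typed on the request, amount)
WIRES = [
    (date(2013, 1, 7),  "CUST-1001", "000000001", "55-1234", 9500.00),
    (date(2013, 1, 9),  "CUST-1002", "000000001", "551234",  8200.00),
    (date(2013, 1, 15), "CUST-1003", "000000001", "55 1234", 7900.00),
    (date(2013, 1, 10), "CUST-1001", "000000002", "778899",  12000.00),
    (date(2013, 2, 11), "CUST-1001", "000000002", "778899",  12000.00),
    (date(2013, 1, 3),  "CUST-1004", "000000003", "424242",  5000.00),
    (date(2013, 9, 3),  "CUST-1005", "000000003", "424242",  5000.00),
]

def dest_key(routing, account):
    """Normalize a beneficiary so '55-1234' and '55 1234' group together."""
    clean = lambda s: "".join(c for c in s if c.isalnum()).upper()
    return clean(routing), clean(account)

def shared_beneficiary_report(wires, window_days=90, min_customers=2):
    """Flag beneficiary accounts paid by several customers within one window."""
    by_dest = defaultdict(list)
    for wire in wires:
        by_dest[dest_key(wire[2], wire[3])].append(wire)
    report = []
    for dest, rows in by_dest.items():
        rows.sort(key=lambda w: w[0])
        start, best = 0, []
        for end in range(len(rows)):
            # Advance the window start until it spans at most window_days
            while rows[end][0] - rows[start][0] > timedelta(days=window_days):
                start += 1
            window = rows[start:end + 1]
            if len({w[1] for w in window}) > len({w[1] for w in best}):
                best = window
        customers = sorted({w[1] for w in best})
        if len(customers) >= min_customers:
            report.append({"beneficiary": dest, "customers": customers,
                           "wires": len(best), "total": sum(w[4] for w in best)})
    return sorted(report, key=lambda r: r["total"], reverse=True)

if __name__ == "__main__":
    for entry in shared_beneficiary_report(WIRES):
        print(entry)
```

Repeat wires from one customer to one payee are not flagged by this report, and two customers paying the same account eight months apart fall outside the default window.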


Advisor Regulatory Reporting

• RIAs should be aware of the actions they can take from a regulatory reporting standpoint:

– Filing Suspicious Activity Reports (SARs) as applicable (http://bsaefiling.fincen.treas.gov/main.html)

– Filing reports with IC3 for cyber crimes (http://www.ic3.gov/default.aspx)

– Coordinating filings with authorities as necessary (FBI, IRS, SEC, etc.)


Third-Party Wire Policy

• Advisor will verify any third-party money-movement requests in person or via phone

• Advisor will sign the Third Party Wire Attestation Form and send to Loring Ward along with the wire request

• Loring Ward will call the Advisor to verbally confirm that the Advisor has spoken to the client

• Loring Ward will forward instructions to the custodian

• Custodians reserve the right to verbally confirm the wire instructions with the client


What Can I Do?

• Always verify verbally with your client

• Be vigilant in your email correspondence with your clients, particularly for third-party money movement requests

• Educate your clients and position your rationale

• Train staff

– FINRA E-Learning Courses

• Contact Loring Ward if something “doesn’t smell right”

– Immediate cash needs

– Instructions not to call or e-mail

– New or unfamiliar third party check/wire recipients

– Use of outdated or previously used forms


What Can I Do?

• Use secure email

• Keep software up-to-date and install suitable virus protection

• Educate clients on the potential risks associated with public email and non-public personal information

• Change passwords often, and make them challenging to crack

• Keep an eye on sent mail, the trash folder, and other IP addresses that may be logged into your account

• Don’t write passwords down on Post-It notes or in unprotected folders on your computer


What Can I Do?

• Maintain your computer security

• Use your own computer & log out completely

• Be prudent when using wireless connections

• Check for secure web sites and be careful downloading

• Don’t respond to emails requesting personal information

• Log into your account from time to time to identify potentially unauthorized trading activity

• Read your statements and trade confirmations promptly

• Secure your confidential documents

• Safeguard your Social Security number

• Do a periodic “Identity Theft” check by reviewing your credit report (http://www.annualcreditreport.com)


Client Resources

• http://www.finra.org/investors/protectyourself/investoralerts/fraudsandscams/p125460

• http://www.finra.org/Investors/ProtectYourself/InvestorAlerts/FraudsAndScams/P037886

• http://ftc.gov/opa/reporter/idtheft/index.shtml

• http://www.sec.gov/investor/pubs/phishing.htm

• http://www.morganlewis.com/pubs/MatthewsKiesewetter_AntimoneyLaundering-IACForum0107.pdf

• http://fppad.com/2012/04/11/why-you-cant-trust-your-clients-anymore/

• https://www.sifma.org/uploadedfiles/education/consumer_resources/education_consumer%20resources_identity%20theft%20tips%20and%20resources(1).pdf


Q & A