In investing, people often prioritize risk mitigation to “market risk” or “volatility risk”. But in this rapid technological transformation, individual clients, institutions and governments face a greater threat, one that's often overlooked and quickly dismissed as everyday occupational hazard: scams. But it's way bigger than that.
Last month, David Bottom, the CIO of the U.S Security and Exchange Commission (SEC), one of the top regulators of the financial sector, became the center of the latest email phishing attempt against advisors nationwide¹. It’s evidence that scammers are smart, adaptive, and this is no joke. Most importantly, it proves no one is exempt from falling prey to a scammer’s tactics.
Phishing is a technique for attempting to acquire sensitive data, such as bank account numbers, through fraudulent solicitation in email or on a website, in which a perpetrator masquerades as a large business or reputable person. ² These very intelligent individuals are all over the world and use digital tactics way above most people’s general knowledge to deploy their schemes. And many times, they get away with it.
A typical phishing campaign could consist of an email that you received from an individual or entity that you’re familiar with, and especially one you communicate on a rather constant basis, asking you to take some form of action to “confirm” or “validate” your private information. Examples of this could be confirming your email address by replying to the message ³, clicking a link or opening attachments, or confirming personal identifiable information such as social security numbers, bank account numbers, addresses, etc.
Victims of these elaborate scams can suffer devastating financial losses. The Federal Trade Commission (FTC) reported for the year 2024 losses of over $3 billion to scams that started online, not to mention another $9.5 billion lost to other fraudulent methods. ⁴
At Keaney Financial Services Corp. we do NOT email clients, under any circumstances, at all, ever.We adopted this initiative over a decade ago, as we saw an increasing number of clients that turned to victims of fraud through social media or from revealing and sharing private information through email with friends, family and other institutions they trust. But the scammers are more tech savvy than the average individual and can quickly turn well-intended innocent communication between 2 trusted parties into a nightmare, and in some cases even financial catastrophe.
That is why our ONLY electronic form of communication is through the DocuSign system -of which we alert you prior to sending to ensure it’s intentional communication from us- and through QR codes that we share via physical mail that direct you straight to our website, and don’t require you to enter or validate personal information. While this may seem cumbersome for some, for us it’s part of our Best Practices policies and procedures to protect your identity and safeguard your information. In our view, our "old school" keeps us both safe.
Besides fraud and scam, verbal (via phone call) and in-person communication are the ONLY 2 ways we can verify that it’s truly you making a request. In summary, DON'T email us, and DON'T respond to a supposed email from us or that seems to be associated to us, unless verifying authenticity first. And you can do that by calling us. We love hearing your voice!
Furthermore, we have taken further steps and eliminated ALL and ANY communication via text messaging systems. Text messages are NOT secure communication, and we have no way of verifying who the true author and/or intention of that communication is⁵. We do NOT conduct business of any sort via text messages, ever.
Technology is advancing and leveraging technology in our businesses is crucial for continued growth. But in a world where our focus is risk management and risk mitigation, technology posts other greater threats that we’re focused on avoiding.
Your financial security depends on our commitment to safeguard all aspects that can affect your financial wellbeing, and a big part of that is safeguarding your private information.
¹. Active Phishing Campaign Impersonating the SEC: Firms Should Be on Alert - ACA Group
³. Advisors targeted in 'pretexting' phishing scam impersonating SEC - InvestmentNews
⁴. Top scams of 2024 | Consumer Advice
⁵. Get the Facts: Are your text messages actually secure?
Disclosure & Disclaimer
The content provided in this commentary reflects the opinions of Keaney Financial Services Corp. as of the publication date. It is intended solely for educational and informational purposes. It should not be construed as individualized investment advice, a solicitation to buy or sell any security, or a recommendation for any particular investment strategy. All views are subject to change without notice based on evolving market, economic, or political conditions. While we strive to ensure accuracy, the information presented is based on sources believed to be reliable, but we make no guarantee as to its completeness or accuracy.
The opinions shared herein are those of our advisors and are not intended to represent the position of any regulatory agency, organization, committee, group, individual, or third-party institution. Consult your qualified financial, legal, or tax advisor before making investment decisions.
Risk is an inherent aspect of all investment activities, and investors must recognize that no investment is entirely free from risk. Although important, asset allocation, risk management, and diversification strategies do not guarantee generating profits or shielding against losses.