Finra warns of old-school phone phishing scam

Wall Street regulator Finra has put out an alert warning investors about an uptick in old-fashioned phone-based phising scams.

Crooks are cold calling people claiming to represent at least one well known brokerage firm, warns the watchdog.

The scammers offer information about certificates of deposit with yields well above the best rates in the market in an attempt to lure victims into handing over personal or financial account information.

Gerri Walsh, SVP, investor education, Finra, says: "If you are not sure that the person on the other end of the line is a legitimate representative of your firm, quickly end the call and get in touch with your firm's customer service centre".

Related Companies

Finra (Financial Industry Regulatory Authority)

Channels

Regulation & Compliance Retail banking

Comments: (2)

A Finextra member 07 August, 2013, 12:32

Be the first to give this comment the thumbs up

0 likes

It's good advice but calling the FI's customer service number usually results in an interminable voice-response based menu in which the option of talking to a real person is deliberately well hidden, then you are req’d to hold for an indeterminate period (so you can’t do anything else except wait)……….surely there's a better way?

Report abuse

Pat Carroll - ValidSoft - London 20 August, 2013, 12:32

0 likes

There are two parts to solving a telephone scam like the one that Wall St regulator Finra is warning investors about.

The first part is mutual authentication, whereby the bank has to properly authenticate itself to the customer. It could stop this style of scam at source. If, for instance, customers recorded their own greeting with their bank – using their own voice – and the bank replayed that greeting whenever it contacted the customer by phone, then the customer could have a very high level of confidence it was indeed their bank on the phone.

There is increasing emphasis on the need for customers to prove their identity to banks, but in my opinion, banks should also bear the responsibility of proving their own identity to customers. The technology already exists to do this, and could also be applied as another layer in solutions to combat online and mobile banking fraud too.

The second missing piece of the jigsaw is customer education. I strongly support the views of people like Shirley Inscoe, senior fraud analyst at AITE, who advocates banks educating their customers about the types of fraud that could affect them.

Banks not only need to highlight the types of scams in existence but also explain to consumers how security technology could work for them. Being able to get the customers’ buy-in on using the likes of voice-based mutual authentication is essential if this is to work. That is not to say security procedures should be overly onerous. The security industry already rightly appreciates that there is a fine balance between strong authentication and user-friendliness. Finding that balance can be tricky, but having a mix of visible and invisible layers of security would make the process easy for the consumer, but still sufficiently strong for the bank.