Portfolio Design Services, LLC

Independent Investment Advisers

Catastrophic Malware Threats are Targeting Advisor Firms and their Clients

Sophisticated attacks using malware—software designed to disrupt computers, servers, or networks—are increasingly targeting financial advisors and their clients. Once the software is installed on a device, it can be used to leak private information, capture screenshots, or even track every keystroke a user types.

Ransomware is a type of malware that has made headlines over the past few years. Once it’s installed, it can encrypt and lock up your computer or network information, preventing you from accessing your own data until you pay a ransom, usually in the form of bitcoin.

Someone can unknowingly download ransomware in a variety of ways—opening an attachment from a phishing email that appears to be from a known source, or by clicking on an ad, following a link, or visiting a website where the malicious code is embedded.

Recently, FINRA released a Cybersecurity Alert to raise awareness about the potential Russian cyberattacks targeting US organizations.

Steps you can take to prevent an attack

Review your cybersecurity controls:

  • Keep operating systems, software, and applications current and up to date. 
  • Back up data regularly and double-check that those backups were successful. 
  • Store files using two or more formats. The cloud is the best option, but keep a backup on a DVD or memory stick. 
  • Filter network traffic.
  • Enable strong spam filters to prevent phishing emails.
  • Use multifactor authentication.

Be sure you know how to avoid phishing:

  • Do not click on links or attachments included in unknown or suspicious emails and be on heightened alert for email attachments in common file formats (docx, xlsx, pptx, pdf, zip, etc.).
  • Look for clues within the text of emails—like errors in grammar, capitalization, or spelling—that may indicate they were sent by bad actors.
  • Hover over links to reveal the website’s URL and see where the link really leads. If it’s not leading to the place you would expect, don’t click it.
  • Check the sender’s domain in the email address (for example, the “abc.com” in the address john.doe@abc.com) to see if it matches what you would expect to see.

We hope this information will help to protect you through heightened awareness and increased use of security measures.