Articles Posted in Cyberattack

Chicago-based Stoltmann Law Offices has represented investors who have suffered losses as a result of their brokerage or investment accounts being infiltrated by hackers.  How safe are your retirement funds from hackers? With massive hacking activity and cybersecurity in the news every day, that’s an essential question to ask your financial advisor. Cybercriminals are trying to steal money and personal financial information 24-7.

Here’s a series of questions to ask: When financial advisors suspect that your retirement accounts are being hacked, have they reported this information to you? Even more importantly, have they reported it to federal authorities such as the FBI or Treasury Department? That’s not only the right thing to do, they are legally obligated to do so.

Of course, if an advisor or third party fails to report suspicious online activity to regulators, they may be breaking the law. The U.S. Securities and Exchange Commission (SEC), for example, recently imposed a $1.5 million fine and settled charges against GWFS Equities, an affiliate of Great West Life and Annuity Insurance Company, “for violating the federal securities laws governing the filing of Suspicious Activity Reports (SARs).”

Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.

FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).

Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).

Stoltmann Law Offices, P.C has represented SIM-Swap hacking victims and continues to investigate ongoing claims related to this sordid scam impacting many people.  A story reported by CNN last week went into detail about a specific victim in San Francisco. According to the story, Robert Ross had over $2 million stolen from him when his phone was hacked through a process called “SIM-Swapping” or “SIM-Jacking.” Like so many of these victims, Mr. Ross was a crypto-currency investor and those were the funds that were stolen from him.  Mr. Ross is suing his cellular provider, AT&T, for its role in enabling the fraudsters who stolen millions from him. The outcome of that lawsuit is far from certain. However, Stoltmann Law Offices continues to monitor updates on these SIM-Swapping scams and are fully engaged in prosecuting cases on behalf of victims against their cellular providers.

These cases are not highly technical or difficult to grasp once you understand some of the basics. First, its important to understand one bit of technical jargon.  What is a “SIM” card? A “SIM Card” is a memory chip contained inside a mobile phone which carries a unique identification number specific to the owner, stores the owner’s personal data, and disables the mobile phone if removed. SIM Swapping is a means of infiltrating someone’s cellular world by taking control of the user’s SIM Card and have it activated in a phone controlled by the scammer, without stealing the phone or breaking it open to actually remove the SIM card. Here, the infiltration is virtual and once the scammer has the customer’s SIM card activated in the phone in his possession, it can then be used to gain access to emails, brokerage accounts, bank accounts, and cryptocurrency virtual wallets.

The scheme is so incendiary because it takes advantage of two-step authentication – something we’ve all been told for years to have set up to PROTECT us from hackers.  Here’s how it works: The crook convinces AT&T (or Verizon, Sprint, or T-Mobile) that he is the account owner. The crook accomplishes this typically by making up a story why the phone number needs to be transferred to a new phone. In one case the imposter simply called AT&T Customer Service, told them he dropped his phone in a lake, and that he had a new phone that needed to be activated. Instead of determining whether the phone that was allegedly at the bottom of a lake was still active and in-use, the AT&T representative accepted the unverified representations of the imposter and activated the “new” phone in the hands of the scam artist. The customer’s actual phone was deactivated and by the time it was realized, the fraudster gained access to the customer’s email and then virtual wallet. The CNN story about what happened to Mr. Ross – noticing his cell phone had no service, or “zero bars” for no apparent reason – is the first indication your SIM has been compromised.

Crypto related currencies have been called a lot of things. The next big thing. A bright, shiny object.  When top financial regulators say they aren’t comfortable that they haven’t learned about the full dangers of crypto, you’re wise to be wary too. Investment promoters often try to convince hungry investors they can turn hot topics of the day from oil and gas fracking to self-driving cars into wealth.

But often the only wealth that surfaces from their drumbeat is an abundant pile of victims.  Crypto crooks stole over $4 billion from investors this year, the blockchain consulting firm CipherTrace warned in a new study.  Even the sophisticated are vulnerable and increasingly so.

“Exchanges and users are facing a greater sophistication in the tactics, techniques and procedures (TTPs) cybercriminals are using to target the cryptocurrency space. In the case of exchange robberies, hackers have developed advanced methods to overcome even the current “best practice” security in place at the more vigilant exchanges,” CipherTrace cautioned.

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information