Question

An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to report his access was locked. He couldn’t login, even though he was using his correct user name and password. The platform reset his password. The next day when the adviser tried again to login, he was locked out of the system again. It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

1. Identify the malware attack experienced in the above scenario

2. What recommendations would you provide for preventing such type of attacks? The recommendations should be discussed individually for the scenario and should not be a general list of recommendations

Answer 1

Advisory practices attacked by a Trojan virus

Case study 1

​In this case study, a number of advisory practices were subject to a targeted malware attack via a Trojan virus.

This virus helped the fraudsters, an eastern European syndicate, access several advisers’ PCs and obtain the login details for systems that had been used.

This attempted fraud took place while the practice was closed over the Christmas holidays.

"We locked up the office that afternoon just before Christmas and went home. We were all looking forward to a nice long break, it’d been a busy year. We wouldn’t be back in the office until the New Year."

Transactions were submitted to the platform over the Christmas period using several advisers’ user IDs.

Direct credit (EFT) bank account details were edited to credit the fraudster’s ‘mule’ Australian bank account. From this account the fraudster would be free to transfer the funds overseas.

Luckily for the practice, the fraud was uncovered before any funds were paid out.

"Even though we were on holiday, we all continued to check our transaction updates via the platform each day. We called the platform right away and they were able to stop the fraudulent payments in time."

Preventing this type of fraud

• It’s a good idea to check platform transaction updates sent by email or displayed online, every day, even when you’re on leave.

• As an additional measure, ask someone else in your office to also check these online updates or emails every day to ensure they’re valid.

• Look out for withdrawal requests, new accounts opened, asset sell downs and changes to contact details.

• Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to ensure no further fraudulent transactions can occur.

• Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

Adviser subject to a malware attack causing account lock

Case study 2

A Melbourne advisory practice was the target of a malware attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently.

The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook.

The next time the adviser tried to log in to his platform desktop software, he was locked out.

He rang our account executive team to report his access was locked. He couldn’t login, even though he was using his correct user name and password.

The platform reset his password.

The next day when the adviser tried again to login, he was locked out of the system again.

It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

Preventing this type of fraud

• Call us immediately if your platform access has been locked or you suspect fraud or malware on your system. We’ll suspend your login ID to ensure no fraudulent transactions can occur.

• Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

Opening email attachment causes all PCs in the office to shutdown

Case study 3

A staff member in an advisory practice opened a file attached to an email received one morning.

It turned out the attachment contained a ‘worm’ that infected not only the staff member’s PC, it also spread to all other PCs in the practice network.

This malware caused all PCs in the office to shut down.

The adviser needed to use the platform software that day to ensure his clients participated in a Corporate Action that was closing the following day.

With help from their Business Development Manager, the office worked through the issue so they we able to log into the platform software to complete this critical work from a home laptop that hadn’t been infected with the virus.

Preventing this type of fraud

• Never open attachments in emails if you don’t know or trust the source.

• Ensure your office network is protected with up-to-date anti-virus software.

• Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to ensure no fraudulent transactions can occur.

• Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.