Case studies – malware attacks


As our lives increasingly move online, cybersecurity is an important consideration for all businesses, including financial advice businesses. For many financial advisers understanding how to protect sensitive client information from cyber attacks is becoming an important part of sound practice management.

A cyber attack is essentially an attempt by hackers to damage or destroy a computer network or system. One of the ways they can do this, is by installing malware (also known as malicious software)on your computer that allows unauthorised access to your files and can allow your activity to be watched without you knowing. Cyber criminals can then steal personal information and login details for secure websites to commit fraudulent activities.

In this article we discuss steps financial advisers can take to protect themselves from cyber attacks and explore different scenarios that demonstrate what a cyber attack can look like and how it can be prevented.

How can financial advisers improve their cyber security?

  • Turn on auto-updates for your business operating system – such as windows or Apple’s ios, and be sure to keep computer security up to date with anti-virus and anti-spyware, as well as a good firewall.
  • Back up important data – to an external hard drive, to a USB or a cloud to protect your business from lost data.
  • Enable multi-factor authentication – start using two or more proofs of identity such as a PIN, passphrase, card or token, or finger print before access is enabled.
  • Implement premissions on a ‘need to know’ basis – your employees don’t need to access everything. Be selective about what permissions are allowed to which staff.
  • Conduct regular employee cyber training. Show staff how to ‘recognise, avoid, report, remove and recover’. Your employees can be your defence against cyber crime. Reward staff for their efforts; and
  • Always be cautious of the below when receiving emails:
    - requests for money, especially urgent or overdue
    - Bank account changes
    - Attachments, especially from unknown or suspicious email addresses
    - Requests to check or confirm login details

Cyber security assessment tool

The Department of Industry, Science, Energy and Resources has developed a tool to help you identify your business' cyber security strengths and areas where your business can improve. This tool will ask you a series of questions about how you manage your cyber security risks and based on your answers, you will receive a list of recommendations to action. You can download the recommendations as a PDF and access the tool here.

Scenario 1 - Advisory practices attacked by a Trojan virus

In this scenario, a number of advisory practices were subject to a targeted malware attack via a Trojan virus. This virus helped the cyber criminals access several advisers’ PCs and obtain the login details for systems that had been used.

This attempted fraud took place while the practice was closed over the Christmas holidays.

"We locked up the office that afternoon just before Christmas and went home. We were all looking forward to a nice long break, it’d been a busy year. We wouldn’t be back in the office until the New Year."

Transactions were submitted to the platform over the Christmas period using several advisers’ user IDs.

Direct credit (EFT) bank account details were edited to credit the cyber criminals' ‘mule’ Australian bank account. From this account the cyber criminals would be free to transfer the funds overseas.

Luckily for the practice, the fraud was uncovered before any funds were paid out.

"Even though we were on holiday, we all continued to check our transaction updates via the platform each day. We called the platform right away and they were able to stop the fraudulent payments in time."

Preventing this type of fraud

  • Be diligent about checking platform transaction updates sent by email or displayed online. Specifically look out for withdrawal requests, new accounts opened, asset sell downs and changes to contact details.
  • When taking annual leave, nominate a colleague to check platform transaction updates on your behalf in your absence.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent further fraudulent transactions.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal. 

Scenario 2 - Adviser subject to a malware attack causing account lock

A Melbourne advisory practice was the target of a malware attack, having found malware on their system which locked their access to the platform. The malware allowed the cyber criminal to gain access to an adviser’s login details for all systems he had used recently.

The cyber criminals now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook.

The next time the adviser tried to log in to his platform desktop software, he was locked out.

He rang our account executive team to report his access was locked. He couldn’t login, even though he was using his correct user name and password.

The platform reset his password. The next day when the adviser tried again to login, he was locked out of the system again.

It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

Where you have had your platform access locked or you suspect fraud or malware on your system call us immediately as part of your reporting response so we can suspend your login ID to attempt to prevent further fraudulent transactions. Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

Preventing this type of fraud

  • Be on the lookout for requests to check and confirm login details.
  • Increase the strength of your identifiers and ensure two or more proofs of identity are required before access to company systems is enabled.
  • Use virus protection software to prevent hackers from accessing your information and to help protect you if you click on a suspicious link or visit a fake website.
  • Schedule regular training for employees so that they can better detect malicious links or avoid downloading content from untrustworthy sources.

Scenario 3 - Opening email attachment causes all PCs in the office to shutdown

A staff member in an advisory practice opened a file attached to an email received one morning.

It turned out the attachment contained a ‘worm’ that infected not only the staff member’s PC, it also spread to all other PCs in the practice network.

This malware caused all PCs in the office to shut down.

The adviser needed to use the platform software that day to ensure his clients participated in a Corporate Action that was closing the following day.

With help from their Business Development Manager, the office worked through the issue so they were able to log into the platform software to complete this critical work from a home laptop that hadn’t been infected with the virus.

Preventing this type of fraud

  • Never open attachments in emails if you don’t know or trust the source.
  • Ensure your office network is protected with up-to-date anti-virus software.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent any further criminal activity.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.
Discover what is impacting the future of US advisory services and learn more about the significant shifts in the advice industry. Download the BT’s Whitepaper.
Technical resource
Learning how digital advice and social media can help you acquire new clients and maintain good client relationships.
The power of perspective - Another resilience-building strategy from Kamal Sarma. Find out how to focus on the things that matter today and stop stressing about the rest.