Advice practices should conduct a regular review of their risks and controls, and keep up to date with cyber trends. The Australian Cyber Security Centre's Exercise in a Box is a handy reference and includes tutorials and simulation exercises.
Fraudulent activities online come in varying levels of complexity, and can include phishing emails and texts, as well as hacking of websites and the publication of fake websites that replicate banking and payment sites.
Training advice staff on IT security and fraud awareness is strongly recommended by BT. Simulations on phishing can help advice teams become familiar with what to look out for, such as whether an email that appears to be from a client is in fact from a slightly different email address, for example firstname.lastname@example.org vs email@example.com.
The Commonwealth Attorney-General's Department estimates that identity crime costs Australia upwards of $1.6 billion per year, with the majority lost by individuals through credit card fraud, identity theft and scams.
In the superannuation sector, identity fraud is the most common type of fraud, according to AUSTRAC.
Even if only a small amount of personal information is obtained, for example, from stolen mail such as a superannuation fund statement, perpetrators often use 'open source' information to piece together other information such as date of birth and contact details. Social media is often targeted by criminals for this additional data, so they can impersonate their victim and access accounts.
When verifying clients' identification, advisers should ensure they are capturing accurate customer details - for example, their name should match the ID document exactly, including middle names.
Red flags include multiple changes to a client's profile within a short period. Advisers should watch out for irregularities in ID documents such as different fonts and font sizes, spelling errors, and borders or lines where there should be none.
Photos should also be checked diligently; for example, ensure that the photo in the ID document lines up correctly and does not look out of place.
BT's cyber experts encourage the use of biometrics across all devices, where available, especially mobile phones. On the BT Panorama mobile app, advisers and clients can log in by using face ID or fingerprint verification or a passcode.
Two-factor authentication (2FA) is another measure implemented by businesses to increase security. 2FA requires users to provide two factors, such as biometrics plus a password.
BT Panorama requires 2FA for important steps such as to register to use the platform, use the forgotten password process view, update personal details, add billers, link bank accounts and pay anyone.
In addition, adviser notifications, behavioural pattern analysis and robust bank-grade security measures help to protect advisers and their clients, and BT continues to focus and invest in this space.
Advisers may also wish to consider talking to customers about cyber security and keeping their systems or devices protected. It may help to explain that biometrics and/or 2FA can keep their account and identity more secure, compared to using a password alone.
Advisers are encouraged to keep security programs up to date. Every time new malware or a trojan is discovered, security firms put out a patch that users need to download and install. It's incumbent upon users to update their programs.
BT's experts warn that using public Wi-Fi is a cyber security breach waiting to happen. Using a Virtual Private Network (VPN) while on a public Wi-Fi connection allows you to access the internet through a private network, so that your browsing is protected and nobody can see what you're doing.
Password managers are targets for hackers, and a few have suffered from data breaches in recent years. It's best to remember your passwords - one way to do this is by writing down clues. In regard to the password itself, don't share it, don't write it down, and don't capture it anywhere in your system.
This document has been created by Westpac Financial Services Limited (ABN 20 000 241 127, AFSL 233716). It provides an overview or summary only and it should not be considered a comprehensive statement on any matter or relied upon as such. This information has been prepared without taking account of your objectives, financial situation or needs. Because of this, you should, before acting on this information, consider its appropriateness, having regard to your objectives, financial situation and needs. Projections given above are predictive in character. Whilst every effort has been taken to ensure that the assumptions on which the projections are based are reasonable, the projections may be based on incorrect assumptions or may not consider known or unknown risks and uncertainties. The results ultimately achieved may differ materially from these projections. This document may contain material provided by third parties derived from sources believed to be accurate at its issue date. While such material is published with necessary permission, Westpac Financial Services Limited does not accept any responsibility for the accuracy or completeness of or endorses any such material. Except where contrary to law, Westpac Financial Services Limited intends by this notice to exclude liability for this material. Information current as at 10 December 2021. © Westpac Financial Services Limited 2021.