Phishing and the Wild West 

Yesterday, one of our longest-standing clients received an email from us - or so he thought.  The email header and footer were perfect in every last detail, except for the fact that the telephone number had changed by one digit.  The regulatory strapline was the same, the fonts were the same, the choice of colours was the same - and the sender's email address was a perfect replica of my own.  Thankfully, what gave it away was the illiterate drivel which formed the substance of the email's message - namely an invitation to invest in some non-specified "new investment opportunity".  Actually, the wording was so incoherent that I reproduce it in all its glory here:

" It has been a great chance for many in the past years so i think it should do you a lot of good which a huge interest rate so you might need to send in funds asap to seal it, i could send you the paperworks later in the week but we need to put whatever monies today/tomorrow"

The scammer had clearly put in a great deal of effort into the business of reproducing our email format, and then simply shot himself in the foot because of his own grammatical incoherence.  I cannot think of a single regulated adviser (who I know) who would be physically capable of this kind of written incontinence, so clearly the scammers have underestimated the degree of control that the FCA exerts over even our most moderate communications.  I would like to think, however, that it was not the Regulator which taught me to mind my P's and Q's, but rather Hugh Homan, my late lamented Grammar School English Teacher.  He may no longer be with us, but the very knowledge that I was capable of such verbal vandalism would have him revolving in his grave.

It remains a surprise to me that anyone is daft enough to be taken in by such clearly mediocre overtures.  If a person is incapable of stringing two coherent words together in sequence, why on earth would you trust him to recommend some attractive investment scheme?  This is someone who is clearly blind to the text on a page:  how could such a person comment with authority on anything at all?

Aspersions on literacy aside, how does one respond to something like this?  I went through a series of iterations as follows:

  1. Immediately change passwords on email accounts (just in case)
  2. Contact Microsoft to see if our Exchange Server had been breached (it had not)
  3. Verify that firewalls were operating correctly (they were)
  4. Check to see that Exchange settings were correctly configured to supply the maximum protection against phishing activity (they are)
  5. Phone the police - wrong move.  The waves of apathy were palpable over the phone, once I had braved a thirty minute wait on-hold
  6. Phone ActionFraud - again, a futile exercise.  My phone battery gave out long before I was able to speak to anyone
  7. Use the ActionFraud 'Live Chat' - where textual exchanges occur at a frequency of around one every 10-15 minutes.  This is not an option for anyone who doesn't have a Guaranteed Immortality clause in their life-contract
  8. Use the ActionFraud Reporting Tool - this is at least usable, although the constraints imposed by the questions enforce a kind of inaccuracy in the end product
  9. Immediately contact all clients by email, warning them of potential scams, and reinforcing the fact that ValidPath would never, ever, in a million years, send emails soliciting business in this way
Fraud is continually on the increase.  At times, it seems like the Wild West out there - and all the monolithic accretions of bureaucratic ballast, generated in such volume by the regulatory bodies seem to have little deterrent effect.  It is difficult to see how anybody with the grammatical abilities of the average earthworm would even be aware of the implications, so I think that the onus is on IFAs to work hard at educating clients in order to proactively head off potential threats.

GDPR & Ongoing Development

ValidPath Members should ensure that they are familiar with our stance on GDPR.  The current outline of guidance may be accessed from this page - but Members should be aware that we are currently engaged in a fine-tuning exercise in relation to this material.  Expect further updates shortly!
Kevin Moss, 20/02/2018