P2014-ND-01

Social engineering. An advisor with the Organization received and acted upon email requests, believing they were sent by two clients of the organization. In fact, the email requests had been sent by an unauthorized party who had obtained access to the clients? email accounts. The email requests were about investment redemption. In processing the requests, the advisor disclosed the personal information at issue to the unauthorized party. After processing the email requests the advisor contacted the clients to notify them that their requests had been processed. The clients then indicated that they had not made the requests.

File Type: pdf
File Size: 31 KB
Categories: 2014