Investors Group Financial Services Inc.
On December 16, 2019, while the Organization?s clients were on vacation, a hacker gained access to the clients? (husband and wife) email account and then proceeded to pose as the wife and called the Organization?s consultant to request the clients? statements. Upon receiving this request, the Consultant provided a copy of the statements (one for the husband’s account, and one for the wife’s account) to the hacker. On December 17, 2019, the hacker emailed the consultant asking for information on how to redeem some assets from the account. Between December 17, 2019 and January 6, 2020, the consultant and the hacker exchanged emails. The consultant informed the hacker that validation of identity was required and to confirm the instructions. The consultant made several attempts to confirm the identities of the clients, and was concerned with his inability to speak with them directly. The consultant decided to check Facebook and saw that the clients were on vacation.
? The advisor messaged the husband through Facebook where the husband confirmed they had not contacted the consultant nor did they ask for a redemption by email.
? The consultant informed the clients of the requests he received by email and that their email account was compromised.