Financial Advisor Fined After Falling for BEC Scam

The Financial Industry Regulatory Authority (FINRA) fined and temporarily suspended a financial advisor working for UBS after he was tricked into transferring $511,870 from a client’s account in a CEO fraud scam, according to FinancialAdvisorIQ. A hacker used social engineering to access the client’s account and asked the advisor, William Darby, to move the money into accounts at third-party banks. Darby allegedly violated UBS’s protocol by making the transfers without first calling the client on the phone and verbally confirming the requests.

Darby was also allegedly tricked into selling the client’s securities, worth $525,826, to fund the transfers. UBS fired Darby and reimbursed the client, and FINRA fined Darby $7,500 for breaching protocol. The reason for his termination was “violated firm disbursements policy by failing to call client to confirm disbursement requests yet instructed support staff to process the disbursements.”

Darby also received a forty-five-day suspension from FINRA, but was allowed to keep his registration as a financial advisor. He’s since landed a job at another firm, and he’ll presumably be more cautious in the future.

It’s worth noting that Darby had worked in the financial services industry for twenty years, ten of which he spent at UBS, so a lack of experience is unlikely to have been the problem. Anyone can fall for a scam, so organizations need to have policies in place to reduce the chances of a scam succeeding. Of course, as this case demonstrates, security policies are only effective if they’re adhered to. It’s also unwise to think that experienced personnel can’t themselves fall prey to a scammer. We can learn a lot through experience, but sometimes experience can be the mother of illusion, too.

Proper training and education are needed to ensure employees know the importance of following their organization’s security protocols. A healthy sense of suspicion and a solid knowledge of social engineering tactics can complement strong security policies. New-school security awareness training can keep your employees from being tricked by social engineering and prevent them from falling into complacency by teaching them how scammers operate.

FinancialAdvisorIQ has the story:

