Advisers a ‘honeypot’ for cyber criminals

Speaking to ifa on the sidelines of the AFA national conference, Midwinter managing director Julian Plummer said recent visits to advice practices across Australia alerted him to the high levels of vulnerability faced by the profession.

“Advisers are a honeypot for hackers,” he told ifa. “There is no light that goes off when you have been hacked. There are likely advisers out there who have been attacked and do not even know it.”

Financial advisers face particularly heightened risks since they are privy to financial, medical and legal data of value relating to their clients, Mr Plummer said.

In order to raise awareness of the cyber security risks facing advisers, Mr Plummer performed a live hack on stage at the conference, in a publicity stunt aimed at warning the advice community.

The software boss initiated a “spear-phish attack” on the private computer of Thompson Financial Services director Phil Thompson, which had active antivirus software and a Windows firewall in place but did not have up-to-date Adobe flash, leaving him vulnerable to the on-purpose hack.

The “good samaritan” attack involved Mr Plummer creating a clone of the ASIC website and sending Mr Thompson a false email from his licensee advising him he was under investigation by the corporate regulator.

The attack highlighted the risks that advisers face and the sophistication of cyber criminals, who understand advisers will likely click on an email relating to ASIC.

He said advisers should ensure they update software when prompted, have “strong passwords” in place and seek advice from professionals if concerned.

In July, Midwinter launched Kamino, a cyber security ‘health check’ business for financial advisers.