It is no longer just companies that are struggling with cyberattacks; American individual investors are also grappling with the increased risk of hackers taking over their investment accounts, according to a recent warning from U.S. regulators. The Financial Industry Regulatory Authority (FINRA), which oversees the brokerage industry, stated in a recent notice that it has "received an increasing number of reports related to customer account takeover incidents, which involve bad actors using hacked customer information, such as login credentials, to gain unauthorized access to online brokerage accounts."
The account takeover fraud has surged by nearly 250% from 2019 to 2020, according to Ari Jacobi, CEO and co-founder of cybersecurity firm Deduce. He noted that the market for preventing account takeovers is valued at $15 billion and is growing significantly, as reported by Market Watch and seen by "Al Arabiya.net."
FINRA pointed to two factors driving the increase in account takeover attempts. The first is the rapid growth in the use of online brokers and apps, allowing hackers to breach brokerage accounts using stolen usernames and passwords purchased from the dark web. It has become relatively easy for malicious actors to find login credentials, as many individuals use the same password combinations to access multiple accounts. The second factor is the COVID-19 pandemic.
FINRA noted in its regulatory memo, "Customer account takeovers have been an ongoing issue, but the reports received by the Financial Industry Regulatory Authority regarding such attacks have increased as more companies offer online accounts and more investors engage in transactions with these accounts." This trend is "partially due to the proliferation of mobile devices and apps, as well as reduced access to physical company locations due to the COVID-19 pandemic."
The Securities and Exchange Commission (SEC) is also closely monitoring this phenomenon and holding brokerage firms accountable for not monitoring fraudulent activity diligently. Last month, the regulator settled charges with GWFS Equities, a subsidiary of Great-West Lifeco, for failing to report suspicious activity related to the increasing attempts by bad actors to take over customer accounts.
The SEC stated that GWFS is keen to cooperate with the regulator to improve its reporting standards and that the company often was able to stop takeover attempts on its own. Experts recommend using different usernames and passwords for each online account or relying on what is known as a password manager.