Fraudsters Actively Impersonating Financial Services Executives: Firms Should be on High Alert for Similar Attacks
Multiple firms have notified us that their executives and other employees are being impersonated in WhatsApp messaging scams that have caused significant financial harm to investors.
These impersonators have contacted a mix of active clients, prospective clients, and employees claiming to be senior members of the firm. After establishing their identity – likely using information that is publicly available through social media sites – they then will request payments for services, ask for banking information to provide refunds for losses, or request sensitive company information.
While it is too early to determine if these attacks are isolated incidents, or if they are part of a larger coordinated attack against financial services firms, all firms should be on high alert for impersonation attacks at this time.
Our guidance
While impersonation scams are not a new phenomenon, they have been on the rise since the end of 2024, often integrating phishing links to trick victims into sharing sensitive data and personal information. With the rise in popularity of messaging apps that make identity verification more difficult, like WhatsApp, Telegram, and others, it is becoming easier for cybercriminals to launch successful impersonation attacks.
While it is difficult to prevent impersonation attacks, firms can take steps to better protect their clients and staff, as well as their reputation:
- Raise employee and client awareness - Firms should remind clients and employees of the legitimate methods that will be used for communications, and provide clear steps to take if they receive messages through other channels. These steps would include:
  - Do not respond to or otherwise engage with unsolicited messages on unapproved communications channels.
  - Contact individuals at the firm through known communication channels (e.g., the phone number listed on the firm’s website) to verify and report any suspicious communications.
  - Be extremely cautious of requests demanding urgent action or unexpected payments.
  - Contact law enforcement if you believe you are the target of an impersonation scam.
- Include impersonation attacks in incident response planning – Firms should prepare for impersonation attacks, including identifying appropriate tools and services that can recognize and take down sites and resources that are attempting to impersonate the company. These plans should also include notifying federal law enforcement agencies and regulators where appropriate.
- Review regulatory guidance around similar attacks – Impersonation attacks are common, and guidance has been issued by regulators about the proper steps firms should take in response to these attacks. One recent example is guidance issued by the Financial Industry Regulatory Authority (FINRA) in response to attempts to impersonate FINRA staff.
How we help
ACA Aponix® can help your firm build your cybersecurity program to strengthen your line of defense against cyberattacks. Our services include:
- Aponix Protect™ is a cybersecurity and technology risk management solution that helps you build a comprehensive risk management program tailored to your business needs.
- ACA Vantage for Cyber offers comprehensive cyber health monitoring for portfolio companies. It combines advisory services, ComplianceAlpha® technology, and RealRisk assessments to provide insights, mitigate risks, and enhance your competitive edge.
- Aponix Business Continuity Plan (BCP) Assessment provides a comprehensive evaluation of your organization’s current preparedness for disruptions. It identifies critical business functions, assesses potential risks, and offers actionable recommendations to strengthen resilience.
Reach out to your ACA consultant or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.