Midwinter Financial Services has completed a live hack involving a clone ASIC website in a publicity stunt raising awareness of cyber security threats facing financial advisers.
At the AFA national conference on the Gold Coast today, Midwinter managing director Julian Plummer initiated a “spear-phish attack” on the private computer of Thompson Financial Services director Phil Thompson, in a bid to warn delegates of online criminal activity threats.
Mr Thompson’s computer had active antivirus software and a Windows firewall in place but did not have up-to-date Adobe flash, leaving him vulnerable to the on-purpose attack.
The “good samaritan” hack involved Mr Plummer creating a clone of the ASIC website and sending Mr Thompson a false email from his licensee advising him he was under investigation by the corporate regulator. The attack was aimed to highlight the risks that advisers face and the sophistication of cyber criminals, who understand advisers will likely click on an email relating to ASIC.
Financial advisers face particularly heightened risks since they are privy to financial, medical and legal data of value relating to their clients, Mr Plummer said.
“Advisers are a honeypot for hackers,” he told ifa following the hack. “There is no light that goes off when you have been hacked. There are likely advisers out there who have been attacked and do not even know it.”
Mr Plummer said recent visits to advice practices around the country made him realise that many are vulnerable to cyber crime, leading to the launch of Midwinter’s Kamino cyber security business.
He said advisers should ensure they update software when prompted, have “strong passwords” in place and seek advice from professionals if concerned.