Fairview Investment Services has seen an uptick in QR code phishing and offers tips for avoiding it.
“What happened?” North Carolina-based Fairview asks about the “uptick” in phishing reported by its clients.
Of course, it’s a rhetorical question. But there’s nothing rhetorical about the impact of an answer on the financial services industry.
Fairview Investment Services is a consultancy, based in Raleigh, that offers support for investment advisers and other financial institutions through five practice areas: compliance administration, cyber solutions, investment administration, performance services, and regulatory filings. The company recently issued a risk alert about phishing.
“There are several different forms of phishing that have emerged with the development of new kinds of technology and social media,” Fairview says. “In particular, quishing (QR code phishing) attempts have increased recently. It’s important for users to be aware of all the different forms of phishing to avoid potential threats.”
Fairview tells us that the “most effective way to avoid phishing forms is to avoid clicking a link, QR code, etc. Bookmark login pages for your commonly used accounts and use those rather than clicking through a link. Fake emails, texts, and voicemails have become sophisticated and appeal to users’ emotions. If something seems suspicious, it probably is.”
How do you tell if that wrong number or unfamiliar message is an attempt to hook you?
Fairview offers these helpful tips:
- “A message includes a request for information like your address, phone number, social security number, or other personal data.
- “A message … appeals to your emotions (i.e., you will lose access to your account if you don’t install this application).
- “Suspicious links or attachments … include misspellings or references to other platforms (i.e., a link to LinkedIn that includes no reference to LinkedIn).
- “Poor spelling and grammar may be included, but this is less common now as cybercriminals are becoming more sophisticated.
- “From an unlikely sender. Pay close attention to the sender field and avoid taking action directed by an unknown sender.”
“And remember: Never forward or reply to a suspicious email or text. Try to independently verify it or simply delete it. Use your firm’s reporting methods, such as using a phishing alert button to flag potential phishing emails for investigation and quarantine. Contact your IT provider with any questions,” according to Fairview.
Of course, if you need more help or more information, Fairview Cyber “offers turnkey solutions that address SEC requirements for cybersecurity,” Fairview’s “regulatory experts are available to answer any questions … regarding training, phishing, and vendor due diligence.”
Fairview also wants you to know that it has been providing “solutions to providers in the financial services industry since 2005,” when it was founded, and that it is “part of ViewPoint Partners, our employee-owned parent company for both Fairview and FilePoint, which provides regulatory reporting solutions for registered investment companies.”
More information is available at info@fairviewinvest.com
Need a Reprint?