One thing to keep in mind – when a client’s identity has been stolen, email hacked or hijacked or their passwords have been compromised – this information should be documented in the client’s file. This is considered a “red flag” – something to document and keep in mind when receiving instructions from the client. If instructions are received via email – how do you verify that it is the client?
1. Call them to verify – at one of the numbers you have in your file. Don’t call them on a number in the suspect email.
2. If you don’t know clients by voice – set up a passcode that they give you when you call to verify.
Talking with one client today – we decided that the documentation of a client whose email had been hijacked would be to put FRAUD ALERT next to their name in the CRM and then document the why in the notes.