5 red flags: how to help your clients avoid financial scams

Scams are becoming increasingly sophisticated. Here’s how to protect yourself and your clients.

More than 600,000 Australians reported a scam in 2023, collectively losing over $2.74 billion. Lured by too-good-to-be-true investment opportunities or under pressure from fake fraud report calls, high net worth advised clients are among the growing numbers of investors being hooked by scammers.

The individual losses can be significant. In one case, a client responded to a social media advertisement that appeared to be from a well-known bank offering a high-interest term deposit. He received a call from a banker, received a rates summary, completed the application, and was emailed a client number and instructions on how to transfer funds.

The entire experience looked legitimate to the investor, so he made two transfers totalling $2.6 million. It was only after the transfer had gone through that he realised he could no longer access the bank portal.

His money was gone, and it could only be partially recovered.

No adviser wants to see their client deal with this kind of scenario. Here’s how you can help your team and your clients identify red flags, and keep your clients’ finances secure.

Warning signs: five ways scammers lure investors

Scammers use advanced technology and social engineering tactics to create completely believable opportunities or threats. Here are five common financial scams.

1. Investment and crypto scams

In 2023, Australians lost $1.3 billion to investment scams. Enticed by a low-risk, high-return offer, they might start with a small investment and keep adding more as they see ‘instant’ returns in their portfolio. It’s only when they try to withdraw funds that they realise the platform is fraudulent – typically around six months later once the investment lifecycle is complete. Crypto scams are a subset of investment scams, and they are harder to trace.

Tell your clients: Don’t respond to an advertisement or cold call. Before deciding on an investment, check with ASIC that the company is licensed to offer investments, and independently verify their contact details before you engage with them.

2. Money recovery scams

Once a client has been a victim of an investment scam – particularly a crypto scam – their details may be sold on the dark web to money recovery scammers. The client may then receive targeted communication promising to recover that lost investment – for a fee. This can lead to threatening behaviour or blackmail, putting already vulnerable clients under further stress.

Tell your clients: Be extra vigilant, especially if they’ve already been scammed. If someone is putting you under pressure to transact, just hang up. Legitimate fund recovery services exist, however, victims should approach them with caution and independently verify their contact details. 

3. Payment redirection scams

Weak passwords can make business email accounts easier to compromise, enabling a scammer to amend invoices or payment instructions sent via email and redirect funds into their own account. For example, a client might receive property settlement instructions from their solicitor, or an adviser might receive an email from a client requesting an urgent payment to a new account. It’s important to check first if those emails are legitimate.

Tell your clients: Speak directly to a known contact to verbally verify their instructions if a payment is required urgently or the details are inconsistent with previous transactions. And never use the contact details included on an email, as they might lead to the scammer.

4. Remote access scams

If a client receives a call from a familiar organisation, such as a telco, technology provider, or the Australian Federal Police, they might be convinced to share their screen to ‘fix’ a fake security issue, check system errors or internet connection problems. 

The scammer will coerce the client to download remote access software onto their device, and then direct the client log into their internet banking account. From there the scammer will gain control of the device and proceed to action fraudulent transactions.

Tell your clients: Do not give any third party or cold caller remote access to your devices, and never share your login details or authentication rolling codes. It’s the digital equivalent of handing them your passport or the keys to your house.

5. Bank impersonation scams

Some scammers will impersonate a fraud analyst from the client’s bank, and use fear to coerce them into re-setting their online banking passwords and authorising transactions. The client will believe they are simply cancelling a pending fraudulent transaction.

Tell your clients: Macquarie Bank will never ask you to transfer funds to ‘protect you from fraud,’ share secure codes from your Authenticator app, or ask you to download remote access software. Always check what you are authorising before you accept a push notification.

“Scammers are very good at social engineering,” says Ashwin Sinha, who leads Macquarie’s data team as Chief Data Officer, and is responsible for its real-time fraud-detecting systems – which include machine learning and biometric capture.

“The client will genuinely believe their story, and that the payment or request is legitimate. It becomes very hard for their financial adviser or bank fraud team to convince them otherwise and prevent that loss.”

Proactive protection in Authenticator

If a client calls to complain Macquarie Bank has put a stop on their transaction, pay attention. Macquarie’s fraud detection systems analyse millions of transactions every day, and if those protocols raise a red flag, you should also be concerned.

“Protecting the customer is paramount for us,” says Luis Uguina, who is responsible for secure digital transformation as Chief Digital Officer. “We are in a race against the bad actors, who are quickly discovering new ways of scamming customers. That’s why we see having every adviser and every customer using Macquarie Authenticator as a strong weapon to fight fraud.”

Traditional SMS authorisation codes are prone to evolving attacks such as SIM swaps, and other third-party authenticator apps on the market can’t provide you with detailed information about what you are authorising.

“The difference with Macquarie Authenticator is it makes clear what you are approving. The push notification provides clear details on the amount of money initiated from one specific account to another,” explains Uguina. This transparent process can also help older investors, with Australians aged 65 and over disproportionately impacted by investment scams.

Prepare for future fraud

Last decade, digital transaction design focused on creating a frictionless experience. And while Macquarie Authenticator’s customer experience and functionality is continually improving, clients should expect a little bit of extra effort when setting up new accounts or authorising significant transactions.

Macquarie Authenticator is now the default verification method for logging into Adviser Online. Advisers can also take further steps to safeguard their clients – such as ensuring each user has an individual Macquarie login and setting up protocols for verbal verification of unusual client requests.

New risks are emerging, including the potential for AI-generated deep fake fraud. In the near future, a combination of three-factor authentication, biometric capture and behaviour analysis will be used to protect clients from increasingly advanced scams.

Ultimately, a critical fraud-prevention strategy is to help your clients be aware. Remind them to apply common sense when they see an investment that looks too good to be true, and be vigilant to unexpected calls or emails. The financial and emotional consequences of mis-placed trust just aren’t worth the risk.

Learn more about Macquarie Authenticator for advisers and share our dedicated client page with your clients.  

If you are worried about a suspected fraud or data breach, visit our website