Trust but Verify

Cybersecurity is an ever-growing concern not just industry wide but globally. While we can do our best to protect our systems, it’s also important to protect our clients as best we can with using the “trust but verify” mentality. Clients can be just as susceptible to email hacking or compromise as we are.

Many clients prefer email as their main form of communication, however there are some cases where we should follow up email requests with the client verbally or in person, if possible:

  • Withdrawal requests
  • Bank account updates for withdrawals
  • Email or phone number updates


Cybercriminals are a constant threat. If you ever have a feeling that something may be off, or that a request may not be valid, verify with the client.

Always contact the client at the number you have on file. Many times, criminals may try to update contact information via email so that they get access to client accounts with the new information, and the client may not be aware.

You may be able to recognize your clients voice over the phone, but if you do not, you can establish your own verification questions with the client or verify at least two of the below items with the client before completing the request:

  • SSN
  • DOB
  • Address
  • Value of Account
  • List a position in the account
  • Beneficiary name
  • Where is the account held


As a financial professional, you have a duty to your clients to be aware of these types of scams and protect them to the best of your ability. Trust that your client’s request is valid, but always verify.

Phishing Scams

Phone Spoofing

Heather Schumacher

Compliance Advisory Principal