AI Voice Impersonation Scams
One firm recently reported an incident involving an AI voice impersonation scam. A client received a fraudulent phishing call and briefly engaged in conversation before ending the call. Scammers were then able to use the short voice recording to generate AI-based voice calls impersonating the client.

This type of scam presents an emerging risk, particularly where instructions are provided verbally. Firms should ensure their processes are robust when handling ad hoc requests, particularly withdrawal instructions.

‍‍‍In-Person Fraud
Firms have also reported incidents involving in-person scams, particularly involving elderly clients.  

In several cases, individuals attended clients’ homes pretending to represent the bank and impersonating police officers. These scammers were able to obtain bank cards and policy information before leaving the property.

This highlights the importance of ongoing client education and ensuring vulnerable clients understand that legitimate financial institutions or advisers will not request sensitive information this way.

‍Invoice Interception Fraud
Some firms have also experienced invoice interception fraud. This is when legitimate invoices sent to clients are intercepted by hackers.  

In these cases, the firm sent a genuine invoice to a client. Shortly afterwards, a scammer sent a fraudulent “revised” invoice containing different bank details for payment.

In the instances reported to us, the clients identified the discrepancy and contacted the firm to verify the request before making payment. However, the fact that this has occurred across multiple firms highlights the risk of email interception and payment redirection fraud.

Firms may wish to consider reminding clients to always verify any changes to bank details directly with the firm using trusted contact details before making payments.

‍Compromised Client Email Accounts
Several firms have reported instances where client email accounts have been compromised.  

In these cases, firms received emails appearing to come from clients requesting withdrawals or asking for funds to be transferred to new bank accounts.

Where instructions are received electronically, firms should ensure that appropriate verification processes are in place. Some firms mitigate this risk by requiring two forms of confirmation before processing withdrawal requests. For example, where a request is received via email, firms may contact the client using the telephone number held on file to verify the instruction.

Given the rise of AI voice impersonation, firms should also remain vigilant when verifying requests by phone. While a voice may appear familiar, inconsistencies in communication or an inability to engage in normal conversation may indicate potential fraud.

Client Awareness and Additional Security Measures
Many firms are proactively discussing scams with their clients to increase awareness and encourage vigilance.  

Some are also considering implementing additional security measures such as client passwords or memorable phrases to provide an extra layer of authentication.

‍Key Considerations for Firms
In light of these examples, firms may wish to review their current processes and consider whether additional safeguards are appropriate. This may include:

• Ensuring robust verification procedures are in place for withdrawal and transfer requests

• Verifying client instructions using contact details held on file

• Remaining vigilant to emerging risks such as AI voice impersonation

• Considering additional authentication measures such as passwords or memorable phrases

• Continuing to raise awareness with clients about common scam tactics

Maintaining strong internal controls and promoting client awareness can significantly reduce the risk of firms and their clients becoming victims of increasingly sophisticated scams.

What to do if you’re worried about a potential scam
Firms suspecting a scam should act immediately to protect clients and assets. Key actions are:

• Halt any suspicious transactions

• Report to the FCA

• Notify the bank and insurers

• Advise affected clients to monitor accounts

Don’t forget that good compliance protects advice firms from fraud.  

Establishing a robust and proactive framework of internal controls, due diligence and regulatory adherence helps you detect, prevent and mitigate illicit activities.  

If it’s time to check if your compliance framework stands up to FCA scrutiny, download our whitepaper The Dawn of Positive Compliance; reassess your provision with the Adviser’s Guide to Switching Compliance Service; or give us a call.  

‍