The wealth and asset department of Morgan Stanley has reported that some of its customers had their accounts compromised in a voice phishing attack. The company maintains that its systems are secure and that the compromise was not a result of any action of Morgan Stanley Wealth Management.
Voice phishing, also known as vishing, is a social engineering attack where the threat actor impersonates a trusted entity (in this case, Morgan Stanely) and tricks the target into handing over sensitive information, more often than not, account credentials.
Once the threat actor had the accounts compromised, they electronically transferred the funds into their bank account using Zelle, an online payment service.
In the News: Honda vulnerability lets hackers unlock and start your car remotely
Morgan Stanley remins secure
The company has blocked the victims’ accounts and has issued a notice acknowledging the attacks. The company also stated that there was no data breach or information leak from the company’s side and that the attacks are entirely in between the threat actor and the targets.
The targets potentially had the f0llowing information exposed:
- Account number(s)
- Trusted contacts’ name, address and phone numbers.
The targetted accounts were flagged to the company’s Customer Call Center requiring any callers to give out additional verification. Morgan Stanley is also offering the victims 24 months of free credit monitoring services through Experian.
The service alerts users of changes in their credit profile and informs them when new credit applications are made in their name. Additional benefits include insurance against “certain losses” caused by identity theft.
In the News: Android app with over 100,000 installs found stealing Facebook credentials