Skip to content

Morgan Stanley client accounts breached in a phishing attack

  • by
  • 2 min read

The wealth and asset department of Morgan Stanley has reported that some of its customers had their accounts compromised in a voice phishing attack. The company maintains that its systems are secure and that the compromise was not a result of any action of Morgan Stanley Wealth Management.

Voice phishing, also known as vishing, is a social engineering attack where the threat actor impersonates a trusted entity (in this case, Morgan Stanely) and tricks the target into handing over sensitive information, more often than not, account credentials.

Once the threat actor had the accounts compromised, they electronically transferred the funds into their bank account using Zelle, an online payment service.

In the News: Honda vulnerability lets hackers unlock and start your car remotely

Morgan Stanley remins secure

The company has blocked the victims’ accounts and has issued a notice acknowledging the attacks. The company also stated that there was no data breach or information leak from the company’s side and that the attacks are entirely in between the threat actor and the targets. 

What is phishing? Types of phishing scams and how to protect yourself?

The targets potentially had the f0llowing information exposed:

  • Name
  • Address
  • Account number(s)
  • Trusted contacts’ name, address and phone numbers.

The targetted accounts were flagged to the company’s Customer Call Center requiring any callers to give out additional verification. Morgan Stanley is also offering the victims 24 months of free credit monitoring services through Experian.

The service alerts users of changes in their credit profile and informs them when new credit applications are made in their name. Additional benefits include insurance against “certain losses” caused by identity theft. 

In the News: Android app with over 100,000 installs found stealing Facebook credentials


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: [email protected]