A threat actor impersonates Morgan Stanley and steals client personal information

A threat actor impersonates Morgan Stanley and steals client personal information

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

Exploit: Social Engineering (Vishing)
Morgan Stanley: Financial Services

risk-to-business-img-r1

Risk to Business: 1.721 = Extreme

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in a vishing attack. The company notified clients that on or around February 11, 2022, a threat actor impersonating Morgan Stanley gained access to their accounts by impersonating a Morgan Stanley representative and persuading those victims to provide the imposter their Morgan Stanley Online account info. After successfully breaching their accounts, the attacker also electronically transferred money to themselves using the Zelle payment service. No specifics have been given regarding the number of customers swindled, but the firm has stated that those clients were reimbursed.

risk-to-business-img-r1

Individual Impact:

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Brand impersonation is a rising risk that businesses and consumers need to be aware of. It always pays to check for authenticity before handing over your data.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.