A new wave of social engineering attacks has been targeting Morgan Stanley client accounts as Morgan Stanley’s wealth and asset management subsidiary claims.

Morgan Stanley Client Accounts Compromised by Social Engineering: What Happened

Hackers have used a known social engineering technique called vishing (voice phishing) to breach customer accounts at Morgan Stanley. Vishing means that threat actors pose as reputable businesses over the phone. Their goal is to persuade their potential victims to expose or pass over sensitive data like log in or banking credentials.

As you are aware, on or around February 11, 2022, you were contacted by a bad actor claiming to be with Morgan Stanley. The bad actor was able to obtain information relating to your Morgan Stanley Online account, subsequently accessing this account and initiating unauthorized Zelle payments.


What Security Measures Has Morgan Stanley Implemented?

The company’s division under discussion said in the released document on this topic that accounts belonging to impacted customers were disabled and assured the audience that the enterprise’s systems “remain secure”.

They acknowledge that this cyberattack was not caused by any action of  Morgan Stanley Wealth Management.

As the statement further reads,

Your Morgan Stanley Wealth Management account has been flagged to our Customer Call Center so that any callers into the Call Center will be prompted with additional verification. Your previous Morgan Stanley Online account was also disabled.


What Data Might Have Potentially Been Leaked?

According to the company, the data related customer accounts involved in this breach included:

  • Name
  • Address
  • Numbers of accounts
  • Name, address, and phone number linked to the account’s trusted contacts

What Can You Do About It?

The enterprise advises customers to follow the below three main steps against vishing:

Demand a Credit Report

This will help you with having a proper overview of your account statement and also helps you monitor your free credit reports.

Use Credit Monitoring Services

This provides you with protection against identity theft as well as services on credit monitoring by means of Experian.

Check Out the Reference Guide in Their Statement

The reference guide is meant to give you data and advice from the US. Federal Trade Commission on how can you implement personal data protection.

What Is Morgen Stanley?

Morgan Stanley is a worldwide investment bank and financial services firm located in Midtown Manhattan, New York City. The firm’s clientele includes organizations, governments, institutions, and people. It has offices in more than 42 countries and over 60,000 employees.

General Tips to Prevent Vishing Attacks

  • Avoid talking to robots: do not answer an unknown call, you might just let the voice mail comes into play and listen to the message after;
  • Hang up if the call seems suspicious or check the sender’s name and language and tone if answering it;
  • Sensitive data should never be shared over the phone;
  • Ask the caller to prove their identity.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

What Is Social Engineering?

What Is a Data Breach and How to Prevent It

The Complete Guide to Business Email Compromise (BEC) and How to Prevent It

Leave a Reply

Your email address will not be published. Required fields are marked *