Hackers gained access to a client's email account and used that to email their financial adviser to request the transfer of substantial funds.  The email, of course, was not truly sent by the client, although did originate from her email address - sent by the fraudsters.  Despite the quantum involved, that this was contrary the previous habits of face to face meetings, and that the investment provider warned the adviser that certain details of the proposed transfer to China couldn't be verified, the adviser proceeded with the payment.  The ombudsman found the adviser should have realised something wasn't right