Hackers gained access to a client's email account and used that to email their financial adviser to request the transfer of substantial funds. The email, of course, was not truly sent by the client, although did originate from her email address - sent by the fraudsters. Despite the quantum involved, that this was contrary the previous habits of face to face meetings, and that the investment provider warned the adviser that certain details of the proposed transfer to China couldn't be verified, the adviser proceeded with the payment. The ombudsman found the adviser should have realised something wasn't right
Ms Q received a letter from the provider of her investment bond, confirming £250,000 had been withdrawn. But she hadn’t made a withdrawal. Shocked, she phoned her financial adviser – who said he’d processed the transaction after arranging it with her by email.