Security News > 2022 > March > Morgan Stanley client accounts breached in social engineering attacks
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks.
The company said in a notice sent to affected clients that, "On or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.
The Morgan Stanley division added that it disabled the accounts of all customers affected by these attacks and that its systems "Remain secure."
"Your Morgan Stanley Wealth Management account has been flagged to our Customer Call Center so that any callers into the Call Center will be prompted with additional verification. Your previous Morgan Stanley Online account was also disabled."
Morgan Stanley provides recommendations on how to defend against vishing attacks and other types of social engineering scams, advising customers not to answer calls from phone numbers they don't recognize.
Morgan Stanley disclosed a data breach in July 2021 after the Clop ransomware gang stole personal information belonging to its customers by hacking into the Accellion FTA server of Guidehouse, one of Morgan Stanley's third-party vendors.