The wealth and asset management division of Morgan Stanley, Morgan Stanley Wealth Management suffered a social engineering attack.
The customers were targeted as a result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity during a voice call to convince their targets into revealing sensitive information.
The hackers also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.
Morgan Stanley immediately disabled the accounts of all customers affected by these attacks and secured its systems.
TPRM report: https://scoringcyber.rankiteo.com/company/morgan-stanley-wealth-management
"id": "mor1341522",
"linkid": "morgan-stanley-wealth-management",
"type": "Cyber Attack",
"date": "02/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Morgan Stanley Wealth Management',
'type': 'Wealth and Asset Management Division'}],
'attack_vector': 'Vishing',
'description': 'Morgan Stanley Wealth Management suffered a social '
'engineering attack where customers were targeted through '
'vishing. Hackers impersonated a trusted entity during voice '
'calls to obtain sensitive information and electronically '
'transferred money using the Zelle payment service.',
'initial_access_broker': {'entry_point': 'Voice phishing',
'high_value_targets': 'Customers'},
'motivation': 'Financial gain',
'response': {'containment_measures': 'Disabled affected customer accounts and '
'secured systems'},
'title': 'Social Engineering Attack on Morgan Stanley Wealth Management',
'type': 'Social Engineering Attack',
'vulnerability_exploited': 'Human vulnerability through impersonation'}