Fraudsters are infiltrating investor email accounts in order to scam brokerage firms, a Toronto law firm warns.

AUM Law, a law firm focused on the securities industry, issued a warning Thursday about an ongoing scam targeting the industry. It advises firms to be wary “any time a client asks you to transfer their assets to a bank account that you were not previously made aware of.”

According to an alert issued by the firm, a frequent scam involves a redemption request that appears to be from a client, which requests that the money be transferred to a previously unknown bank account. “The request will usually come from the client’s email account at a time when the client is out of town or otherwise unable to access their email for a period of time,” it notes.

And, the request will be initiated as part of a chain of previous correspondence that includes a signed redemption request that uses the client’s actual signature, and is followed by several more email exchanges that create the impression that the request is legitimate.

“This scheme is particularly disconcerting as the fraudster demonstrates an unusually high level of knowledge about the client’s personal information and is able to use that information to give the firm comfort through email that there is no fraudulent activity involved,” it notes.

The alert warns firms of the importance of maintaining up-to-date systems security, and to remain vigilant to possible intrusions on clients’ email accounts. To protect against this sort of fraud, it also recommends that firms “implement specific procedures in relation to redemption requests for new bank accounts”, including calling or meeting the client to confirm the request, or adhering to a policy of only transferring funds to accounts on file.

In the past, regulators have issued warnings to both investors and the industry about the threat of brokerage account intrusions and email hack attacks as possible fraud tactics.