Wealthy individuals and family offices may also receive ransomware requests, become victims of identity theft or create potential security risks by using open networks, public hotspots and/or unverified mobile applications. Anytime someone signs into a site or uses an application that sends unencrypted data over a network, bad actors can capture and use the confidential or sensitive data.
Unfortunately, these are problems that aren’t just going to go away on their own. Individual criminals are getting more sophisticated with their attacks, and certain nation-states regularly back cybercrimes. One recent report found that 86% of respondents have experienced a cyberattack by an organization acting on behalf of a nation-state, with each incident costing the victims more than $1 million.2
“Clearly, we’re not just talking about a couple of unaccounted-for $30 charges on your credit card,” Cowan says. “The scams that wealthy individuals and family offices may experience go beyond occasional inconveniences. The bad actors do their research and homework, and they’re very patient.”
“The scams that wealth individuals and family offices may experience go beyond occasional inconveniences. The bad actors do their research and homework, and they’re very patient.”
- Patrick Cowan, Chief Banking Officer, Ascent Private Capital Management
For example, cybercrime starts with infiltrating high value targets such as a family office’s computer systems using phishing emails and patiently combing through thousands of emails until they find a way to exploit the organization.
Targeting high value targets with wire fraud and phishing
One area of concern for individuals is preventing wire fraud, a particular problem for anyone who invests in real estate. A cybercriminal who knows that a deal is closing on Monday, for example, may send a fraudulent email that includes down-payment wiring instructions and urgent messaging about how the seller is going to “find a new buyer” if the payment isn’t sent by the Friday before closing.
“In reality, no one needs money that fast,” Cowan says. “It can always be wired on the morning of the closing.”
He advises that even if the wire instructions appear to be from a legitimate title company or other sender, you should call them back and ask them to walk you through the steps and to verify the account numbers. This is important, because once money is wired out—and especially if the funds are going to another country—getting it back will be next to impossible.
Phishing is another entry point that can happen the second a family member or employee clicks on a link in an email or, in some cases, hovers over an “invisible” link that’s embedded in the message.
To avoid phishing, never click on a website link from a suspicious email. If you’re being instructed to log into your account, don’t do it. Instead, go to the website or app and log yourself in.
7 cybersecurity steps to take now to avoid digital fraud and online scams
Here are seven more steps you can take to protect your assets from cybercriminals who may be targeting your family and/or your family office:
- Stick to secure Wi-Fi. Never check bank accounts or access financial-related websites when using public Wi-Fi in an airport lounge or other venue. And, always use encryption on your laptops and other devices.
- Use strong passwords. Change them often, and don’t share them with anyone. Use a combination of letters, numbers and symbols. When it’s available, be sure to set up 2-step authentication for online accounts. That way, you’ll be alerted immediately if someone is trying to access your accounts.
- Install antivirus software on all computers. Keep that software current by updating it regularly.
- Be wary of downloads. Don't download and/or install any software or files that you don't trust or that may seem questionable.
- Family offices should use robust treasury management systems. U.S. Bank uses SinglePoint, which eliminates the need for paper, faxes or written notes for storing or sharing sensitive account information. SinglePoint also provides corporate-level security. For example, by using Positive Pay, no checks can be cashed until their validity is verified and recipients can’t “scrub” a check (for example, by adding an extra zero to the amount).
- Reconcile cash accounts daily. Pay attention to any unexpected transactions that may be the result of a cybercrime.
- Hire a reputable IT consultant to build and maintain your family office’s infrastructure. This person should be responsible for digital fraud protection by facilitating audits and identifying issues with your system. This should be done on a regular basis, knowing that bad actors will patiently wait for the right time to exploit a potential weakness.
There are many different online scams and vulnerabilities that hackers are waiting patiently to exploit in hopes of a major financial windfall. And while you may not know where the next digital fraud threat will come from, by taking these steps to prevent cybercrime, you’ll be better prepared to identify and avoid online threats before they happen.
Learn more about how Ascent works with and supports clients.
1. Annual Data Breach Report. Identity Theft Resource Center.
2. In the Crosshairs: Organizations and Nation-State Cyber Threats. Trellix Global Threat Research.