Cybercrime is increasingly being directed at HNWs and family offices. Look to prevent it rather than hope to cure its often painful consequences, writes Effie Datson
‘You have an encrypted message from Simon, click this link to access your Dropbox account.’ During a business transaction, a family office representative received an email from their regular legal contact. Clicking the provided link, they inputted their email and password details on the standard Dropbox portal to access the message, but the session timed out and asked them to try again later. The email and the portal seemed to be authentic and given these things often happen, the representative didn’t think anything of it.
However, this was the start of a sophisticated fraud where the aggressors gained access to the family office’s email system and were able to ‘divert’ over £1 million in transactions before the hack was uncovered.
This is just one example of cyberattacks targeting HNWs. Yet, research suggests that over half of HNWs and family office members have never undertaken any cybersecurity and many wouldn’t know who to turn to in the event of an attack. And the problem is growing.
A growing cybercrime pandemic
The Covid-19 pandemic triggered a staggering rise in cybercrime, with the FBI reporting a record-breaking 791,790 cybercrime complaints last year. Social distancing measures shifted us away from our usual habits and work settings to create an environment where cyber threats were able to thrive and the overwhelming rise in cyber scams amounted to more than US$4.2bn in losses. If that figure wasn’t daunting enough, the number of complaints made by cyber victims jumped 69 per cent.
And cybercrime is increasingly being directed at HNWs and family offices. According to a Campden Research study, more than a quarter of UHNW families, family offices and family businesses, with an average wealth of US$1.1bn, have been targeted by a cyberattack.
It’s become apparent that cybercriminals often see HNWs and family offices as attractive targets as they have substantial assets but generally don’t have the same level of protection in place as a major corporation.
Sophisticated attack scenarios
Increasingly, cyber fraud is being used to infiltrate mailboxes. Such attacks not only harm the victim but can also form a platform from which to expand the attack using the victim’s network of contacts. Attacks like these can often appear to be authentic and trustworthy, as fraudsters use technology to reference known contacts or business entities. The emails themselves often look legitimate as they replicate the look and feel or well-known portals such as Outlook, Gmail and Dropbox.
The sophistication of these scams highlights the fact that when targeting HNWs, attackers are prepared to be patient, do their homework, and will go to extreme lengths to achieve their fraudulent aims.
So who are the cyber criminals and how do they operate?
Hackers are a surprisingly diverse group ranging from foreign governments seeking classified information to middle-aged mothers making ends meet and people in developing countries seeking to escape poverty. Hacking is their business and the scams they perpetrate can involve a lot of planning and research.
Spear-phishing is a form of socially engineered cyberattack. This is where the perpetrator will use information gathered about a person to pose as a trusted individual to scam their victim into clicking a link, downloading a file, or even transferring funds.
The hackers seeking such personal information often won’t target their victim directly but focus on the people around them who might not be so aware of security issues – their children, partner, PA, friends or even the friends of their partner and children. You’d be surprised at the level of personal detail that can be obtained from people’s social media accounts.
Not always about money
Cyber aggressors are also acutely aware that ultra HNWs often have considerable social standing, meaning victims might be targeted for reasons other than money.
State-focused entities may be less interested in a person individually than in their contacts, affiliations, political connections, and ability to influence others.
Hackers may also be employed by someone else. People who carry out this kind of activity are easy to find on the dark web – a major online market for criminal activity. For example, a business competitor might commission a cyberattack to sabotage a deal and inflict reputational damage. A tarnished reputation can arguably be more damaging than financial loss.
Prevention is possible
Despite the growing threat of cybercrime, most people have no cyber security in place and wouldn’t know who to turn to in the event of an attack. But while the online world may seem threatening, expert help is available.
Many people falsely believe improving their cybersecurity is purely a technology issue, or that support would lead to an invasion of privacy, and are put off by this. In reality, many of the necessary changes are behavioural and can have a large impact on risk reduction.
Simply put, the majority of cyber fraud can be avoided just by being more careful about the information we place about ourselves online. It’s also important to implement some basic security measures such as using strong passwords and up-to-date anti-virus software.
Taking measures to safeguard our physical assets is commonplace, but it’s time we do the same for our online protection. Cyber fraud can be very difficult to investigate. For this reason, people should look to prevent it rather than hope to cure its often painful consequences.
Effie Datson is global head of family offices at Barclays Private Bank
More from Spear’s