Personal legacy planningDigital fraud protection: Strategies for safeguarding your assets from online scams and cybercrime

Cybercriminals understand just how sensitive online financial data is, and they’re continually developing new ways to exploit these vulnerabilities.  In 2022, there were 1,774 data breaches in the U.S, impacting over 392 million victims.¹

Family offices and individuals with significant wealth may be especially vulnerable to cybercrime, identity theft, fraud and other crimes centered on using stolen information for no good, according to Chris Peary, senior vice president and head of private banking with Ascent Private Capital Management.

“Knowing that the end payoff may be greater, criminals will set their sights on these larger targets,” he says. And with more assets and accounts to keep track of, regularly monitoring smaller transactions may be difficult.

Most cybersecurity experts will tell you that it’s not a matter of if you’ll become a target, but rather when it will happen. “A bad actor will figure out that you’re a person or family of means and try to exploit that for their own good,” says Peary. “They may use social media to infiltrate your organization, launch a phishing campaign that fools the recipients into thinking the emails are legitimate correspondence from a financial institution or masquerade as part of your financial team.”

Wealthy individuals and family offices may also receive ransomware requests, become victims of identity theft or create potential security risks by using open networks, public hotspots and/or unverified mobile applications. Anytime someone signs into a site or uses an application that sends unencrypted data over a network, bad actors can capture and use the confidential or sensitive data.

Unfortunately, these are problems that aren’t just going to go away on their own. Individual criminals are getting more sophisticated with their attacks, and certain nation-states regularly back cybercrimes. One report found that 86% of respondents believe they have experienced a cyberattack by an organization acting on behalf of a nation-state, with each incident costing the victims more than $1 million.²

“Clearly, we’re not just talking about a couple of unaccounted-for $30 charges on your credit card,” Peary says. “The scams that wealthy individuals and family offices may experience go beyond occasional inconveniences. The bad actors do their research and homework, and they’re very patient.”

“The scams that wealth individuals and family offices may experience go beyond occasional inconveniences. The bad actors do their research and homework, and they’re very patient.”

- Chris Peary, Head of Private Banking, Ascent Private Capital Management

For example, cybercrime starts with infiltrating high value targets such as a family office’s computer systems using phishing emails and patiently combing through thousands of emails until they find a way to exploit the organization.

Targeting high value targets with wire fraud and phishing

One area of concern for individuals is preventing wire fraud, a particular problem for anyone who invests in real estate. A cybercriminal who knows that a deal is closing on Monday, for example, may send a fraudulent email that includes down-payment wiring instructions and urgent messaging about how the seller is going to “find a new buyer” if the payment isn’t sent by the Friday before closing.

“In reality, no one needs money that fast,” Peary says. “It can always be wired on the morning of the closing.”

He advises that even if the wire instructions appear to be from a legitimate title company or other sender, you should call them back and ask them to walk you through the steps and to verify the account numbers. This is important, because once money is wired out—and especially if the funds are going to another country—getting it back will be next to impossible.

Phishing is another entry point that can happen the second a family member or employee clicks on a link in an email or, in some cases, hovers over an “invisible” link that’s embedded in the message.

To avoid phishing, never click on a website link from a suspicious email. If you’re being instructed to log into your account, don’t do it. Instead, go to the website or app and log yourself in.

7 cybersecurity steps to take now to avoid digital fraud and online scams

Here are seven more steps you can take to protect your assets from cybercriminals who may be targeting your family and/or your family office:

1. Stick to secure Wi-Fi. Never check bank accounts or access financial-related websites when using public Wi-Fi in an airport lounge or other venue. And always use encryption on your laptops and other devices.
2. Use strong passwords. Change them often, and don’t share them with anyone. Use a combination of letters, numbers and symbols. When it’s available, be sure to set up 2-step authentication for online accounts. That way, you’ll be alerted immediately if someone is trying to access your accounts.
3. Install antivirus software on all computers. Keep that software current by updating it regularly.
4. Be wary of downloads. Don't download and/or install any software or files that you don't trust or that may seem questionable.
5. Family offices should use robust treasury management systems. U.S. Bank uses SinglePoint, which eliminates the need for paper, faxes or written notes for storing or sharing sensitive account information. SinglePoint also provides corporate-level security. For example, by using Positive Pay, no checks can be cashed until their validity is verified and recipients can’t “scrub” a check (for example, by adding an extra zero to the amount).
6. Reconcile cash accounts daily. Pay attention to any unexpected transactions that may be the result of a cybercrime.
7. Hire a reputable IT consultant to build and maintain your family office’s infrastructure. This person should be responsible for digital fraud protection by facilitating audits and identifying issues with your system. This should be done on a regular basis, knowing that bad actors will patiently wait for the right time to exploit a potential weakness.

There are many different online scams and vulnerabilities that hackers are waiting patiently to exploit in hopes of a major financial windfall. And while you may not know where the next digital fraud threat will come from, by taking these steps to prevent cybercrime, you’ll be better prepared to identify and avoid online threats before they happen.

Learn more about how Ascent works with and supports clients.

1. Annual Data Breach Report. Identity Theft Resource Center.
2. In the Crosshairs: Organizations and Nation-State Cyber Threats. Trellix Global Threat Research.