It’s never been more dangerous to be an institutional investor with access to millions of dollars in investor money. Hackers are targeting these elite investors because these organizations are accustomed to transferring large sums of money, and are perhaps less likely to question an internal request asking to shift funds via wire transfer. This type of cyberattack often begins with a spoofed email that purports to be from a company officer or executive, with specific instructions for the transfer of funds. What the recipient of the email doesn’t realize is that they are essentially putting money right into the hands of cybercriminals, who are then able to quickly disappear with the funds if their ruse is successful. Since the attacks are combining everything from social engineering to find information about the targets, to email address spoofing and then often ransomware or malware attacks to gain access to systems — it’s becoming increasingly difficult to guard against these intrusions.

Cybercriminals Continue to Target High-Stakes Investors

Two of the most recent attacks were against the Kansas University endowment and Community Foundation of Texas, with all of the emails purporting to contain an encrypted message from a chief officer — which prompted the recipient to click the link and infect the systems. With access to millions of dollars in liquid funds and wire transfer protocols in place, this type of investment firm has everything needed to be a prime target for cyberattacks. A single click could have easily cost these organizations millions of dollars that it’s unlikely could be tracked or returned. Even with a range of cybersecurity protocols in place, it’s important to note that the ongoing vigilance of individuals is the best defense against this type of attack.

Ongoing Dangers of Business Email Compromise (BEC) Attacks

Cybercriminals are becoming more adept at encouraging individuals at all levels of an organization to click infected links or otherwise give up their personal identities. This can make a hack extremely difficult to spot because it’s a more sophisticated type of attack than a simple email spoof. You will likely see more organizations putting an alert line on external emails, noting that the email originated outside the organization. This is one of the quick indicators to help people be more aware of the emails that they receive and how they are handled. When combined with the vast amount of personal information available on the public internet, it’s surprising how quickly a hacker can infiltrate your organization. Business email compromise (BEC) attacks are often considered a “gateway drug” that gets hackers more deeply ensconced into your systems, allowing them deep levels of access to private or confidential client information.

Keeping your investment firm safe starts with robust cybersecurity strategies as well as comprehensive training that is provided to all staff on a regular basis. Cybercriminals are savvy in the ways of business and talented at digging into an organization to find exactly the right target before staging their attack. Don’t let your organization fall prey to these dangerous criminals — contact the cybersecurity experts at Coretelligent today at 855-841-5888 or via email to to schedule your free initial consultation. We have years of experience working with high net-worth individuals and organizations and have a solid strategy and set of solutions in place to provide exceptional protection for investment firms.

« »

Latest Insights / Articles