Cyber criminals are constantly looking for nefarious ways to steal data and commit fraud, and that can put a particular target on individuals with a high net worth. It takes a concerted effort by both consumers and service providers to ensure a safe environment for online activity and transactions.
Anyone, regardless of their financial means, can be a target of fraud. But individuals with significant wealth can face specific challenges or have unique circumstances that make them attractive targets for cyber criminals. While wealth overall is attractive for bad actors, high-net-worth individuals may also be more visible in the public eye or have information about themselves more publicly available than most others. Additionally, wealthy individuals or families often have complex financial arrangements requiring touchpoints from multiple individuals.
Familiarize Yourself with Common Fraud Schemes
Since fraud attempts are becoming quite sophisticated, it’s important to understand the three methods attackers most commonly use (smishing, vishing, and phishing) and how they can be specifically targeted toward high-net-worth individuals.
Smishing – occurs when an attacker sends a text message to a mobile phone, prompting the recipient to click a link or call a telephone number for more information. If the link is clicked, malicious software is downloaded onto the recipient’s phone to potentially steal personal and financial information, access accounts, or cause financial or reputational harm.
Smishing attacks can come from anyone, but common scams may attempt to mimic communication you might receive from a financial institution or authority figure like a government agency.
Vishing – takes place when an attacker uses the telephone to gain access to sensitive information (credit card numbers, employee IDs, etc.) for financial gain. The criminal usually poses as someone they are not, such as another employee or technical support person.
Common vishing schemes may attempt to impersonate an organization like the Internal Revenue Service, or a more personal connection like a family member or friend in an emergency situation. The increasing sophistication of artificial intelligence is further complicating the threat of vishing, as cyber criminals are better able to mimic authentic voices and conversations.
Phishing – comes in the form of a fraudulent email that encourages recipients to click on a link and provide personal data, such as bank information, social security numbers, account numbers, passwords, etc. Often the subject lines are designed to entice the receiver with an interesting headline, timely topic or an “urgent” request.
Fraudsters are increasingly targeting high-net-worth individuals or executives through highly personalized fraudulent emails in a scheme known as “whaling.” Whaling attempts to access sensitive financial information or account transfers by mimicking official correspondence from colleagues, customers, or other known senders.
Cyber criminals continue to evolve new attack methods. Be alert for two emerging tactics used to target unsuspecting victims: quishing and cryptocurrency investment fraud.
Quishing – is a fraud scheme in which a cyber criminal creates a fake QR code that redirects victims to a malicious website, which prompts them to enter their personal or financial information. QR codes are the latest method cyber criminals are exploiting to trick recipients into believing they are entering their private information into a legitimate website when, in fact, they are providing it directly to the bad actor.
Quishing appeals to cyber criminals because it is easier to generate and distribute a fake QR code than to set up a widespread targeted phishing scam. Unlike with a phishing scam, most people can't easily differentiate a genuine QR code from a malicious one.
Cryptocurrency investment fraud – a long-term scam with devastating losses. In cryptocurrency investment fraud, or “pig butchering,” cyber criminals convince victims to invest large sums of money via fake cryptocurrency exchange websites, only to steal the funds from their victims.
Although “pig butchering” may sound off-putting, it's the FBI's official name for cryptocurrency investment fraud. Due to the nature of the scheme — convincing victims to invest increasingly large amounts on fake trading platforms before taking off with the money — the scam is likened to the practice of farmers fattening hogs before slaughter.
Being Proactive and Staying Vigilant is Key to Online Safety
Understand what information about you is accessible. There are many reasons cyber criminals choose to prey on wealthy individuals, not least of which is their wealth. But one primary factor is the amount of information that may be available to scammers in the public domain. Businesses, financial transactions, and charity events can call attention or provide relevant information to scammers. Additionally, social media profiles and activity can provide bad actors a glimpse into hobbies, photos, or family members that can provide valuable details to aid their efforts to craft convincing attacks.
Those efforts can also extend to family, colleagues, and staff. It’s important to employ strong account security practices both personally and professionally, and to provide education on cybersecurity risks and fraud prevention to family members and staff to stay protected.
Where you have the option, enable multi-factor authentication. This adds another layer of security on top of your password. It may be a one-time-use code sent to your phone, fingerprint or facial recognition, or a security question that must be answered. Make sure that your security questions do not have answers that can be easily found online.
Don’t use the same password for all your online accounts. If your password is stolen for one account, it puts all the others at risk, as well. Passwords for your most sensitive information, such as your PNC Bank online account, should be unique to each account.
Instead of a password, consider using a passphrase. Passphrases are longer than passwords and their added length can help increase the complexity, making them more difficult to crack.
Learn to Identify Fraudulent Emails, Texts or QR Codes from Phishing, Smishing, Vishing and Quishing
Often the easiest way for a cyber criminal to steal your information is to trick you into sharing it with them.
Huge volumes of fraudulent emails, text messages and phone calls are sent daily in the hope that at least a few of them will reach a cooperative, unsuspecting target. These fraudulent communications will often look official and will appear to have come from a trusted source. However, there are warning signs to watch out for that can indicate if a message is a scam.
Do you know the person who sent you the message? The source of an email or text message can easily be forged, making it seem that a request is coming from someone you know and trust. If something seems off or if the sender is asking for money or personal information, contact them directly (and through a different method of communication than the original message) to confirm the message came from them.
Does the message create a sense of urgency? Criminals will often try to rush you into making an unwise decision. An example of such a message may read, “confirm your login details in the next 24 hours using the link below or your account will be suspended.” Always take the time necessary to think through your response to a message and confirm the legitimacy of such a request through an official channel.
Does the offer seem too good to be true? If it does, it probably is a scam. Treat any messages announcing you’ve won money, a prize or the opportunity to purchase an item at a significant discount as suspicious.
Does the message ask you to click on a link or open an attachment? Be particularly wary of emails from people or organizations you don’t know urging you to click on a link or open an attachment. Doing so can lead to malware being installed on your device. Proceed with caution.
Does the message ask you to scan a QR code?
As QR codes become more common in daily transactions, utilize these tips when scanning a code:
- When scanning a physical QR code, check that it has not been tampered with, for example by a sticker placed on top of the original code.
- Check the URL to make sure the code is sending you to the intended site and that the site looks authentic. Look for typos or misplaced letters in the URL.
- Exercise caution when entering your personal or financial information on a site accessed via a QR code. Avoid making payments through a site provided by a QR code; manually enter a secure URL to complete a payment.
- Do not download an app from a QR code. Instead, search for the app via your device's app store. Additionally, do not download a QR scanner app, as most smartphones are able to scan QR codes via the camera function.
- If you receive a QR code from someone you know, reach out to them through a known number or address to verify that they sent you the code.
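
As an added illustration (not part of the original article), the URL check described in the tips above can be automated. This Python example assumes a hypothetical allowlist of sites you intend to visit (examplebank.com is a constructed name) and flags typos, misplaced letters and other look-alike tricks in a URL decoded from a QR code.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user actually intends to reach (constructed names).
EXPECTED_HOSTS = {"examplebank.com", "pay.examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot typos and misplaced letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(url, expected=EXPECTED_HOSTS):
    """Return (verdict, reasons) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("suspicious", ["URL does not parse"])
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("non-ASCII or punycode host (possible look-alike letters)")
    if host in expected or any(host.endswith("." + e) for e in expected):
        return ("suspicious" if reasons else "expected", reasons)
    for e in sorted(expected):
        # A trusted name used as a leading label belongs to whoever owns the suffix.
        if host.startswith(e + "."):
            reasons.append(f"'{e}' is only a prefix; the real site is '{host}'")
        elif edit_distance(host, e) <= 2:
            reasons.append(f"host '{host}' is a near-miss of '{e}'")
    return ("suspicious" if reasons else "unknown", reasons)

if __name__ == "__main__":
    # Constructed sample URLs, as a QR scanner might decode them.
    for url in (
        "https://pay.examplebank.com/invoice/123",
        "https://examp1ebank.com/login",
        "https://examplebank.com.verify-id.example/login",
        "https://examplebank.com@203.0.113.7/",
    ):
        print(url, "->", check_qr_url(url))
```

An "unknown" verdict only means the host is not on the allowlist; the edit-distance threshold of 2 is a heuristic and not a guarantee.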
Did you receive a telephone call asking you for personal and/or financial account information? It’s prudent to remain aware and vigilant. If you receive a call and it just doesn’t feel right, trust your instincts. Hang up and call the customer service number listed on the company’s official website. Use this known number to confirm the caller’s identity, purpose and/or other credentials.
Additional Help
While taking responsibility for your own safety from cyberfraud is important, if you feel that you need additional help safeguarding your information, you may consider a cybersecurity concierge service that can monitor for threats, alert you to changes in credit reporting, or monitor where your personal information is being posted online. For those with particularly complex finances or a higher net worth, it may even be worth considering personal cybersecurity insurance. Cybersecurity insurance, which is generally available as an add-on to homeowners’ insurance, can help protect against financial loss from cybercrime.
Taking Action and Being Observant Can Keep You Safe Online
The first step in protecting yourself online is to know you could be a potential target and recognize threats. The next step is to follow through on the many available tips and guidelines, including those in this article. Set up your defenses, then continue to monitor for new dangers and potential security breaches. Finally, be prepared to act if you think your data has been compromised.