Fiduciaries need to take cybersecurity seriously

07 July 2021

7 minute read

Key points:

  • Cybercriminals are increasingly targeting high-net-worth individuals, whose advisors and service providers could themselves be at risk of cyber fraud
  • The staggering rise in the number of cyberattacks during the pandemic means fiduciary managers should consider how best to protect themselves and their clients from cybercrime
  • Most cyber fraud can easily be avoided, and expert help is available to support your firm in implementing cybersecurity measures

A client receives an email from their lawyer asking for a payment to be made as quickly as possible to secure a house purchase. Nothing unusual there: the client knows it’s a time-sensitive deal and is eager for the payment to be made right away, instructing Barclays to do just that. But Barclays and the client’s fiduciary spot something strange: the solicitor is asking the client to pay the funds into a different account to the one into which the previous payment had been made.

Just to be on the safe side, the fiduciary phones the lawyer to check the payment details. And this turns out to be the right decision: the lawyer confirms that the payment details are incorrect. It soon becomes clear that the email had been intercepted by cybercriminals looking to divert the funds into their own account. A £4.2 million fraud attempt had been thwarted. Huge sighs of relief all around.

This is just one example of the kind of cyberattacks aimed at all sorts of individuals and companies. What’s more, cybercriminals may see financial service providers as particularly attractive targets due to the scale of the assets they look after and the wealth of their clients.

A cybercrime pandemic

The COVID-19 pandemic triggered a staggering rise in cybercrime, with the FBI reporting a record-breaking 791,790 cybercrime complaints in 20201. Social distancing measures forced us away from our usual work settings into our home environments, whose relatively lax online security represented rich pickings for cybercriminals. The result? Cyberscams led to more than US$4.2 billion in losses1 last year and the number of complaints made by cybercrime victims shot up by 69%1.

Cybercrime is increasingly being directed at high-net-worth individuals and their service providers. According to a Campden Research study, more than a quarter of ultra-high-net-worth families, family offices and family businesses, with an average wealth of US$1.1 billion, have been targeted by a cyberattack2.

Adele Bohlen, Head of Fiduciaries at Barclays, says: “We’ve seen a significant increase in the number of fraud attempts with people working from home over the pandemic. Fiduciaries need to take the threat seriously because any breach could seriously damage their reputation as well as having a devastating impact on the clients who trust them to look after their assets. The good news is that it’s possible to minimise the threats by taking appropriate steps”.

Sophisticated attack scenarios demand a cautious approach

Barclays has partnered with XCyber, a specialist intelligence company with state-grade cyber security expertise, to provide its clients with access to specialist cyber security solutions.

XCyber Director Peter Moreman explains that the kind of techniques in the example of cyber fraud above are increasingly being used to perpetrate crime. He cautions, “These attacks not only affect the victim, but also form a platform from which to expand the attack using the victim’s network of contacts. Such attacks generally appear to be authentic and trustworthy by referencing known contacts or business entities and replicate well-known and widely used portals such as Outlook, Gmail and Dropbox.”

The sophistication of many scams shows that attackers are prepared to be patient, do their homework and go to extreme lengths to achieve their fraudulent aims. As well as targeting high-net-worth individuals directly, they often use the information they glean about them, which is often readily available in the public realm, and target their service providers by pretending to be their wealthy clients.

XCyber’s Moreman emphasises the need for more online caution: “In your role as your clients’ fiduciary, you have a duty to do everything in your power to protect their assets and act in their best interests. With the number of cyberattacks increasing sharply, that means educating your clients about how to minimise cyber risks as well as having systems and procedures in place to prevent falling victim to cybercrime at your own organisation”.

Fiduciaries can be targets in their own right

Cybercriminals may target fiduciaries not just because of who their clients are, but for their own money. For example, in one case, an employee at a fiduciary opened an email at work and clicked on a link that contained malware. The malware infected the firm’s computer system and encrypted all its files, which meant they couldn’t be accessed by any of the firm’s employees. The criminals contacted the company, giving it 24 hours to pay thousands of pounds in bitcoin to unlock its systems.

The company contacted Action Fraud, which advised them not to pay the ransom. While the firm was eventually able to restore its machines, it lost a number of important files as they were not fully backed up.

Prevention is possible

Despite the growing threat of cybercrime, many firms have little cybersecurity in place and wouldn’t know who to turn to in the event of an attack. But while the online world may seem threatening, expert help is available.

Many firms erroneously believe that improving their cybersecurity is purely a technology issue, or that support would lead to an invasion of privacy, which puts them off taking action. In reality, many of the changes that are needed are behavioural and can have a big impact on risk reduction.

For example, people need to remember not to click on suspect links even when they’re stressed or in a rush, which is why training is so important. XCyber’s Moreman says: “The majority of cyber fraud can be avoided just by educating your clients to be more careful about the information they post about themselves online and by implementing some basic security measures such as using strong passwords and up-to-date anti-virus software.

“Being vigilant, wary and maintaining communication can help protect against attacks. A good defence strategy against email infiltration, for example, is to always confirm any instructions or the identity of a contact by using other trusted sources – don’t reply to the original email as this is the communication channel most likely to have been compromised.”

Action now can prevent pain later

Taking measures to safeguard our physical assets is commonplace, but it’s time we do more for our online protection. Individuals and companies are doing this to a certain extent, but the threat is constantly evolving and keeping pace with the fraudsters is difficult.

This is why ongoing training is so important. Barclays’ Bohlen says: “Cyber fraud can have hugely damaging results. For this reason, people should look to prevent it rather than be faced with its painful consequences. That’s why we’re delighted to be able to connect you with specialists like XCyber to help you take control of your firm’s online security.”


Fraud awareness and digital security

Smart tips to help protect yourself online, keep your personal data safe, avoid fraud and how to contact us if you suspect of misuse on your account.


Talk to us

If you have any questions or want to discuss your investment options, contact us.

Any service provided herein is offered directly by XCyber only. Barclays sole role is to refer you to XCyber and is not providing any recommendation or advice. Barclays receives no payment or fee for this referral. We provide no guarantee to the services herein and that the client should engage their own legal and specialists advisor for documentation, etc.

Related articles