New forms of phishing attacks and other advanced email threats can cost your clients—and your brand—more than you may realize.
You could call her a dream client: well-heeled, well-connected, and surely worth a fortune in potential referrals. But when a pair of business email compromise (BEC) attacks against an accountant at her wealth management firm led to $350,000 in losses, the relationship could have gone sour, fast.
It didn’t help that the victim was Ann Scott, the First Lady of Florida and wife of Governor Rick Scott. Indeed, what was surely a humiliating situation could have quickly blossomed into a high-profile scandal.
Yet according to the Miami Herald, word of the incidents only surfaced this September, despite the fact that the first attack occurred back in 2012. As the pub reports, the scam involved two fraudulent wire transfers—one for $260,022 and another for $89,320—sent to bank accounts in Miami and Australia.
How’d they do it? First, the fraudsters spoofed Scott's email, opening a new Gmail account and adding a third "n" to the “Ann” used in her real address. They then sent the fraudulent message to the accountant at the NYC-based wealth management firm, who initiated the transfers.
Outrageous, right? But also, far from rare.
BEC and the Millionaire Next Door
According to industry reports, a growing number of BEC attacks are targeting firms catering to a clientele with a higher-than-average net worth.
Think wealth management firms like Scott’s, but also accounting and tax services, estate planning firms, lawyers, and retirement plan providers that manage more than $5.3 trillion in assets for everyday investors.
Attacks on retirement plan providers have spiked 100% since 2016, as thieves seek to steal sensitive client data or divert distributions from participant accounts. And schemes targeting CPAs and other tax professionals have surged 60% in just the last 12 months, thanks in part to “New Client” ploys aimed at hijacking email accounts from which to phish clients and run tax refund scams.
According to wealth management site Thinkadvisor.com, BEC scams like these have led to $12.5 billion in losses for US businesses over the last five years. Indeed, 95% of data breaches start with emails, costing financial services firms an average of $12 million per breach.
When Phish Hits Fan
For chief marketers, the negative publicity generated by these kinds of attacks can do serious reputational damage. Customer churn spikes. Growth can stall out. And building a leading, trusted brand? Well, good luck with that.
After all, we’re not just talking about a few here-today-gone-tomorrow newspaper headlines anymore.
These days, the bigger the breach or the losses, the higher the Google rankings. Thanks to links and fiery comments shared via the megaphone of social media, negative publicity is forever. And it’s often amplified among the very people you least want exposed to the news—your customers and their extended networks.
As a result, 22% of consumers have left a financial services firm due to this kind of exposure. And 14% have posted critical comments about brands hit by successful attacks. For marketers serving wealthy clients and prospects, the risks from this kind of consumer sentiment are inestimable.
It’s easy to see why. According to Crain’s New York, 1 out of 4 high-net worth individuals have been targeted by cyberthieves. And they’re the avatars of choice for imposters launching BEC scams aimed at financial services firms.
So the security of the brands to whom they entrust their assets? Kind of a big deal.
The Smart Money Against Email Attacks
Spurred on by all this, many firms will seek to reinforce their existing email security systems.
But some may find they need to go further, deploying modern, machine learning-based solutions that can recognize the relationship between sender and receiver, spot behavioral anomalies and block even the most sophisticated email attacks from ever reaching their targets.
Agari’s Enterprise Protect solution, for instance, is used by six of the 10 largest banks and thousands of other category-leading brands to defeat fraudsters and protect their businesses and clients. By integrating advanced machine learning technologies and global threat intelligence, the Agari solution is able to block BEC attacks that easily bypass other email security systems.
For today’s savviest marketers, investments in solutions like this aren’t just about email security. They’re about competitive differentiation in a sector that’s increasingly under assault. Brands that can assure security-sensitive clients that their assets and investments are safe? Winning.
Getting Away Scott Free
Perhaps Ann Scott’s wealth management firm figured all this out long ago. After compromising her email a second time in 2014, fraudsters sent email messages requesting wire transfers totaling $397,330. This time, no dice.
In fact, after a lengthy investigation, the Florida Department of Law Enforcement was able to recover all of the money lost in the earlier theft, though no arrests were made.
If only every BEC-driven heist had such a favorable outcome, right? But for marketers, there’s something even better: stopping these crimes from ever happening in the first place.
To learn more about BEC and how advanced email threat protection can help prevent it, download an exclusive Agari white paper: "Business Email Compromise in the Financial Services Industry"