How Cybercriminals Find Wealthy Targets


Social Media’s Slippery Slope for Private Client Advisors

Cybercriminals are using the treasure trove of information available on social media to target the wealthy—a term called whaling. Instead of blindly phishing millions of people in the hope of catching a few thousand dollars, criminals leverage private client advisors to concentrate on verified wealth potentially worth millions. Security experts warn that these focused, highly personalized attacks are increasing, hard to detect, and very effective. And many advisors are aiding criminals by making it easy to find the big phish.

Trawling social media networks and company websites for financial, insurance, and risk management professionals is perfectly legal, and a brilliant way to locate wealth. “Cybercriminals are incredibly smart and resourceful, and their methods and technology are increasingly sophisticated,” says Anwar Visram, CEO of Visram Security, a cybersecurity expert with 25 years' experience in technology and security advising HNW/UHNW families, celebrities, and athletes.

Private client advisors lead criminals to wealth

Cybercriminals look for wealth hubs. It’s hard to find a better starting point because key identifiers (e.g., private client, high net worth, wealth) are terms typically used in private client advisors’ social networking profiles on sites like LinkedIn, Facebook, and Twitter. Just define the search filters and drag the net—easy enough.

The outcome is a basket full of beacons telling wrongdoers where the money path begins. Then, sifting through advisors’ networks to find clients is elementary as the tools of the trade are purpose-built. Social media has made looking for a needle in the haystack a walk in the park.

“Impersonation is the single biggest cyberthreat, and the wealthy are prime targets,” says Visram. Once targets are obtained, perpetrators will often impersonate one or both sides—advisor or wealthy individual—depending on whom and what they see, the preferred attack method, and the objective: theft, fraud, robbery, extortion, or ransom.

Are you introducing cybercriminals to your clients?

Look at your professional or company social media pages from a public user, follower, or connection view. Anybody and anything you can see can also be seen by everyone else.

Limiting access to your network only to approved connections provides a false sense of security. Cybercriminals can simply build a pseudo profile impersonating wealthy individuals with whom most advisors would be eager to engage. Once connected, these perpetrators are on the inside.

When did it become acceptable to expose clients?

Advisors must recognize three things:

  • Social media is a high-exposure and high-risk public space that criminals exploit
  • Private client advisors are ideal wealth markers and impersonation opportunities
  • Clients expect advisors to know of and avoid threats

Social media’s attractiveness is understood. I spent many years involved with emerging media platforms while at companies such as Google. And my business uses social media. But we don’t work with wealthy clients; our customers are professionals working with wealthy clients—big difference.

As a marketing tool, social media offers an easy way to show off connections in an attempt to attract business—which is precisely the point. When did it become acceptable for an advisor to show off or expose clients in public?

Visram likes to use an analogy: Using social media "is like an advisor taking a group of clients to a crowded restaurant, known to have thieves present, and the advisor clinking their glass with a fork as they stand to announce they are dining with wealthy people.“

Social media is a maybe not a must-have

Advisors and their clients should take advantage of the extra level of built-in security—often referred to as two-factor authentication or verification—available on most reputable online services. Accounts will be more secure from takeover attacks. But this only partially mitigates risk because it doesn’t render targets invisible or prevent other types of attack.

Bottom line: Social media is risky business for private client advisors and their clients. Working with the high net worth and ultra-high net worth is a specialty that requires additional consideration and comes with heightened expectations.

Given how intertwined social media is with personal and business life, we often forget it is not a must-have but a maybe. Many don’t use it and still do very well. Some even uphold eschewing social media as a differentiator in their client relationship management and marketing.

Can private client advisors safely and responsibly use social media for business? The short answer is, yeswith strict limitations and control. We’ll discuss specific strategies and tactics in an upcoming post on The Refined Connection blog.


John Frankot is founder and president of Triple R Media and publisher of LIFE REFINED, a high-net-worth branding, retention, and referral tool. He mostly works with private client financial, insurance, and risk management firms; and, luxury real estate brokers.