Cybercriminals have figured out a way to steal from the world's richest people
Typically, we think of Internet fraud as targeting a wide swath of victims—take spam emails with malware links, for example—in the hopes of accumulating a large profit from the small percentage of users who blunder into the trap. That’s partly because stealing a lump sum held in a clearing bank is a lot trickier than preying on your average, trusting PC owner, though in recent months, thieves have found a point of access for major one-off heists: wealth managers.
Catering to high-net-worth individuals, wealth managers are responsible for directing the movement of vast amounts of money between accounts. Especially in Europe, according to corporate risk mitigation agency Kroll, these firms have proved vulnerable to a clever new type of attack. E.J. Hilbert, the ex-F.B.I. head of Kroll’s cyber investigations, said he has been with them for just four months and tallied six multimillion-pound robberies of this sort.
Because asset management staff travel often, a criminal can set up a non-secure Wi-Fi network in an airports and hotels and wait for their mark to log on, and from there send a fraudulent email as the employee asking a bank to transfer some funds. That request gets flagged, and the bank sends a follow-up message to confirm the transaction. But if the thief intercepts it with a filter, the real employee is none the wiser. Then the criminal just approves the flow of money to his own account.
“The capability that organized crime has is very sophisticated and we have seen it used in inventive ways,” one industry source told the Financial Times, going on to accuse wealth managers of lax security. “Banks themselves have spent a lot on their systems but every transaction has two ends, so why not target the other end?” Instead of changing the way business is done, however, the onus has fallen on the state to beef up enforcement and prosecute these cases after the fact: a national cybercrime division came online this year, and in London, the Metropolitan Police in will soon see their cyber unit expand by 400 officers.
In some ways, these changes are a natural extension of the U.K.’s pervasive surveillance net. One wonders, though, if neutralizing unprecedented threats to the country's very richest will become a top priority due to the political influence that tends to come with a notable fortune. If nothing else, taking aim at the fat cats probably gives the criminals some sense of moral balance: they’re no longer going after the little guy.