Cyber criminals steal via wealth managers
Cyber criminals are increasingly hacking into the systems of wealth managers in order to steal money from better-protected clearing banks, according to Kroll, the investigations agency.
At least six wealth managers have been used to facilitate multimillion-pound cyber heists in the UK in the past four months, said EJ Hilbert, a former FBI counter-terrorist agent who moved to the UK as Kroll’s head of cyber investigations in the summer.
“It’s scary. Wealth managers are being used to get millions of dollars. I have seen six of these [thefts] in the four months I have been here,” Mr Hilbert said. “Europe and the Middle East are three to five years behind the US [in cybercrime awareness].”
The incidents come amid mounting concern over cyber security, with agents from GCHQ, the UK government’s communications headquarters, urging asset managers to push the issue higher up the corporate agenda, and a broader push to make it a board-level priority.
The Metropolitan Police is due to launch a 400-strong cyber unit early next year, quadrupling the number of officers tackling this type of crime across London, after a 60 per cent jump in offences in the past year.
According to Kroll, criminals are gaining access to wealth managers’ systems by setting up bogus WiFi networks at airports and hotels, which travelling staff use inadvertently.
The fraudsters can then send an email to a clearing bank asking for large sums of money held on behalf of clients of the wealth manager to be moved to other accounts.
As these requests are usually flagged up as suspicious, the clearing bank will typically email the wealth manager to ask for clarification. Staff at the latter will never see this email, as the fraudsters will have set up an email filter, and can confirm the transaction themselves.
“The criminals are geniuses, they are absolutely brilliant,” said one industry figure. “The capability that organised crime has is very sophisticated and we have seen it used in inventive ways. Banks themselves have spent a lot on their systems but every transaction has two ends, so why not target the other end?”
However, John Barrass, deputy chief executive of the Wealth Management Association, denied that his members were a “soft touch”.
“We are aware that there is an ongoing attack on wealth managers by cyber means. We have made clear this is an area we expect them to be looking at. They have a financial incentive, never mind the moral incentives,” said Mr Barrass.
The British Bankers’ Association said it was aware that cyber criminals were “evolving their methodology of offending” and were targeting the accounts of “high net worth” bank clients.
Mr Hilbert added: “The issue is lack of understanding of cyber security. I worked with a company that had 125 armed guards and four people dealing with cyber security. They had been hacked for four years. Their information is walking out the door, but it is the cyber door.”