The ‘Game Over’ Cyberattack Has Arrived
This novel intrusion should have all firms worried.
By Mark Hurley and Carmine Cicalese
Wealth managers use a series of checks and safeguards to prevent cyber thieves from attacking their clients’ accounts. These safeguards include a careful review of wiring instructions, confirmatory calls, and multi-factor authentication. However, we have recently encountered a new type of attack that circumvents these protections. In fact, it could put a firm out of business in a single afternoon.
Our company, Digital Privacy & Protection, helps protect wealth management clients from such cybercriminals. In our four years of existence, we’ve never had a client suffer a breach and lose money. Our business is prevention, but almost daily someone shows up on our doorstep looking for help after they’ve been the victim of a cyberattack. We always help them because it’s our mission and vocation to protect people from online thugs. However, it also offers us a glimpse into the newest tactics used by cybercriminals.
One advisor recently asked us to help someone who had been victimized in a very creative “pump and dump” cyberattack. It’s often more art than science to determine when something has happened, but it appears the criminals were able to infect the client’s device with malware and then used it to steal the user ID and password to the client’s custodial account. The malware also allowed the criminals to intercept the confirmation code sent by the custodian to the client as part of the multifactor authentication.
Neither of these steps was remarkable because there is a daily arms race between coders writing antivirus software and criminals creating new malware. The good guys don’t always win. Indeed, a computer using AI software now takes less than one second to correctly guess any short or unsophisticated password. Cybercriminals also regularly intercept communications by either infecting devices or hacking into telecom accounts and redirecting SIM cards associated with cell phones.
What was different in the client’s case was that the criminals likely used their own funds to purchase a set of highly illiquid “penny stocks” in an offshore account just before breaching the client’s account. As every advisor knows only too well, these stocks “trade by appointment” and even small volumes of purchases or sales can materially change their prices.
The cybercriminals logged into the client’s custodial account and used any available funds to buy up the same set of stocks, dramatically inflating their value. They then immediately dumped their shares in the offshore account, reaping immense profits and leaving the client with a portfolio that was worth only a fraction of what had been paid.
28 | FINANCIAL ADVISOR MAGAZINE | NOVEMBER 2025 | WWW.FA-MAG.COM