The attack was extremely clever. The criminals were able to steal many thousands of dollars while never directly transferring funds out of the client’ s account. There weren’ t any wiring instructions or calls to confirm. By the time the advisor and the client received the trade confirmations, the criminals were long gone. Because the crooks weren’ t hitting any of the usual trip wires, the standard protections used by wealth managers to prevent the theft of client assets were rendered ineffective.

The theft in this case was entirely the fault of the client. The wealth management firm she uses is large and sophisticated, with robust cyber defenses. Unfortunately, she had not taken the necessary steps to protect her devices, apps, search engines and browsers. She clicked a link from a text message that appeared to be from a custodian, and her device was infected with malware, providing cybercriminals access to several of her passwords.

What Could Have Happened

However, as bad as this breach was for the client, consider for one second what might have happened if instead the wealth manager’ s systems had been infected and directly breached by cybercriminals. The thieves could have accessed hundreds or even thousands of client accounts and stolen millions of dollars, placing the firm’ s survival at risk.

For example, what if the criminals had successfully used this type of attack against a firm with $ 1 billion in AUM and 500 clients? If the attackers simultaneously bought just $ 50,000 of the penny stocks in each client’ s account— which would look like the advisor is simply implementing a new small allocation across client accounts— the thieves could quickly steal $ 20 million before anyone knows what was happening.

It is unclear how any firm could remain in business after suffering such an attack. It would be financially liable for any losses. The firm’ s brand would be obliterated after the story inevitably wound up in the press. And even if it didn’ t have to file for bankruptcy, the firm would have trouble persuading existing clients to stay, not to mention its trouble recruiting new ones.

This attack demonstrates that cybercriminals are carefully studying the ways wealth managers operate their businesses and revising their tactics accordingly. It should be a wake-up call for every industry participant, prompting them to quickly move up the curve on cyber. It is now only a matter of time before every firm in this industry gets breached, and the only question is whether a firm will be able to survive it.

MARK P. HURLEY is the CEO of Digital Privacy & Protection. CARMINE CICALESE, Col., U. S. Army( Ret.) is the President of Cyber CIC and is a Senior Partner at Digital Privacy & Protection.

NOVEMBER 2025 | FINANCIAL ADVISOR MAGAZINE | 29