SHARE
advisors
May 22, 2018

Why is social engineering the biggest threat to your personal assets and security?

Every day we hear of new cyber risks and data breaches. While these issues might seem to be purely a technology problem, a closer look is warranted.

What that look will reveal is that the risks faced by high net worth individuals, their families and their businesses demonstrate a broad threat landscape. What’s more, that landscape incorporates not just cyber entities but people and processes as well.

Investing heavily in technology won’t protect your family or business if the problems you experience are caused by inadequate due diligence with advisors or poor awareness of the behaviors that put any family or business at risk.

This is where social engineering comes in: It’s a term for the psychological manipulation criminals often use to gain access, steal information or infect target systems with malware. In a common social-engineering attack, a hacker will craft a communication, usually an email, mimicking correspondence that would typically come from someone you communicate or do business with.

Other times, the attack is less personalized: blasting a large number of recipients with generic emails that appear to be coming from widely used applications, e-commerce websites and financial services firms.

The most dangerous iteration of social engineering is spear-phishing. This is an extremely targeted form of social engineering that uses publicly available data to craft correspondence that resonates with a particular individual or family. Examples might include the use of information from a target’s bio on a corporate website, details from a LinkedIn profile or other social media platform—all used to craft a tailored message.

Imagine, for instance, that you are the CEO of a publicly traded corporation. Your bio on your company’s website highlights that you are a graduate of a prominent university; your Facebook profile indicates that you are a resident of Fairfield County, and that you are a board member of a large, well-known nonprofit focused on the performing arts.

You then receive an email appearing to be from your alumni association alerting you to an alumni affinity event in Fairfield County to raise funds for the university’s performing arts programs. The email looks legitimate, with the logos, colors and format identical to what they would look like in any other note from your alma mater.

The email contains a link to register for the event, directing you to use your Google credentials. Do you input your credentials?

Hindsight is 20/20, but in the moment, the majority of us would click on that link and input our credentials. And that’s a recipe for disaster, because once an enterprising criminal has that level of access, the possibilities are endless. This person could mine your inbox to find information to continue to phish, redirect inbound correspondence, or figure out your credentials for bank accounts and other applications.

At that point, the criminal could start spear-phishing family members, friends and colleagues.

This is a scary thought for anyone, but for successful individuals and families even more is at stake. While we enjoy the benefits of the digital economy and social media, we have to understand the risks that come along with these tools. It is also important to understand that there is no longer any expectation of privacy in life.

Millennials and younger children, who didn’t grow up in a world without these technologies, aren’t as attuned to its risks.

But the good news is that there are vendors and trusted advisors who can provide assistance and training to augment the technology security your family employs. Increasing awareness around people and process issues can serve to protect your family and your most important assets.

One of those assets? Your personal information.

RECENT TWEETS

Disclaimer: Worth magazine is a financial publisher and does not recommend or endorse investment, legal, insurance or tax advisors. The listing of any firm in the 2018 Worth® Leading AdvisorsTM Program does not constitute a recommendation or endorsement by Worth magazine of any such firm and is not based upon Worth magazine’s experience with, or prior dealings with, any advisor. The information presented for each advisor, including but not limited to any related profile, statistical data, presentation, report, commentary, recommendation or strategy, has been provided by such advisor without review or independent verification by Worth magazine. Any such information is the sole responsibility of the advisor. Worth magazine makes no representation or warranty as to the accuracy or completeness of such information, assumes no liability for any inaccuracies or omissions therein and disclaims responsibility for the suitability of any particular investment recommendation or strategy for any person. Nothing contained in Worth magazine constitutes or should be construed as any form of investment, legal, insurance or tax advice or as a recommendation to buy, sell, hold or trade any securities, financial instruments or assets. Readers are advised to consult their legal, financial, insurance and tax advisors prior to making any investment or pursuing any investment strategy. Past, model or hypothetical performance is not indicative of future results.

back to top