Three New Cyber Threats - June Edition
1. Voice & imaging replication for deepfake Zoom calls.
AI software can now be used to stage fake Zoom calls with individuals. In a recent attack, cyber criminals were able to accurately replicate the image and voice of the CEO of a company and use it as part of a twenty-minute call with investors without the executive’s knowledge.
This attack creates yet another set of cyber risks for wealth managers. For example, cybercriminals can pose as the wealth manager, schedule a Zoom call, and then use it to collect immense amounts of client personal information. Similarly, they can pose as the client and use a Zoom call to direct fraudulent transactions.
2. ChatGPT makes phishing emails more realistic.
Largely unnoticed in the excitement involving ChatGPT is that it creates a host of new cyberthreats. The most common cyberattacks involve phishing attacks, emails with attachments that contain malware, malicious software designed to get behind cyber defenses, export information and take control of systems. However, until recently it had been relatively easy to spot many phishing emails because they often had spelling, grammatical or verb tense errors. With ChatGPT, cybercriminals can write in a manner that masks their lack of understanding of English.
Wealth managers need to educate their employees about this new threat. A single successful phishing attack can compromise the firm’s systems and lead to the potential theft of client information and assets.
3. Insider threats to businesses are rising.
A recent study found a 44% increase in the number of insider cyberattacks of businesses. They typically occur when employees first start, leave or give notice.
Such attacks on wealth managers are both potentially lucrative and problematic. They are lucrative because the personal information for just one client can be sold for as much as $1,000. They are problematic because under Regulation S-ID, wealth managers are obligated to protect client personal information and, should it be stolen, the wealth manager could be subject to an enforcement action.