Independent Thinking^®

Cyber Smart: Questions & Answers in Practicing Self-Defense

Increased cybercrime is an unfortunate side effect in the global fight against COVID-19. As families and companies seek information and adapt to new forms of communication, criminals are seeing new opportunities. Wealth managers are in the frontlines of this battle, working to protect client information and assets. Here we interview Kate Mulvany, a Partner and Wealth & Fiduciary Advisor at Evercore Wealth Management, and Elsa Ferreira, Chief Information Security Officer at Evercore.

Q: Cybersecurity is a major focus across Evercore and the firm has allocated substantial resources to this fight. At this point in the pandemic, how are you seeing cybercriminals trying to exploit companies and individuals?

Elsa: It’s certainly a challenging time, and we are marshaling significant resources to defend our firm and our clients. We know that criminals are increasingly preying on decentralized workforces, and on people’s fears associated with COVID-19. Phishing emails claiming to provide useful information about the virus are on the rise. These malicious emails often impersonate regional health organizations and/or pretend to provide up-to-date virus statistics, news or testing updates.
 
Kate: We are seeing evidence of these increased attempts at Evercore Wealth Management and Evercore Trust Company too. We are well aware that wealth managers are obvious targets, and we are fortunate to be part of a firm with powerful resources.
 
Q: What is the real purpose of these attacks?
 
Elsa: The goal of these phishing campaigns is to copy passwords and install malware to steal money and personal and professional information.
 
Q: Can you provide a recent wealth management example?
 
Kate: Sure. Earlier this month I received a client email notifying me that they were sending me a Google document. As I was not expecting any document from that client and the notice seemed odd, I immediately forwarded the email to our IT team, which was able to confirm that the client had in fact been hacked, and provided the client with specific instructions to minimize any financial impact. Next steps were to meet with the client (by phone) to establish new procedures around money movement requests and general communications.
 
Our policies and procedures are regularly tested and reviewed and have stood our clients in good stead. We are able to safely facilitate money movement for our clients on a daily basis, while only accepting instructions to move funds to a verified account on file. Instructions are verified verbally. Additionally, any payments to third parties (attorney escrow accounts for home/business transactions, auto dealers, third-party tuition services, and so on) are verified with both the client and with the third party.
 
Q: What is your advice to clients to protect their companies and themselves from cybercrime during this pandemic?
 
Elsa: It is essential to remain vigilant in your use of email, and to be cautious of any emails aiming to provide you with information on COVID-19. If you are seeking updates on the spread of the pandemic or related news, it is best to navigate directly to a trusted website. Also, be aware of phishing emails. Ask yourself if you were expecting the message and know the sender, and if the content and link make sense. Do not share passwords through email. Only visit reputable websites. And keep in mind that cyberscammers don’t limit themselves to your PC, they aim for your mobile device too.
 
Kate: If you have any concerns, please don’t hesitate to contact your advisors.
 
Kate Mulvany is a Partner and Wealth & Fiduciary Advisor at Evercore Wealth Management. She can be contacted at [email protected].