Money managers should remain watchful of phishing emails targeting employees, who already are fielding an influx of communications about the coronavirus pandemic as they adjust to remote working.
AllianceBernstein LP, New York, started to see a rise in COVID-19 related phishing emails in March, which continued through May, according to Anthony Basile, AB's chief security officer who is based in Nashville.
In the phishing emails, scammers pretended to be AB executives, and "it seemed like our adversaries were studying the individuals they were impersonating," Mr. Basile said.
In comparison to typical phishing emails, these targeted attacks stood out and executives noticed a "dramatic change in the quality of the fraudulent emails," from grammar to tone of voice making the communications appear very authentic, he added.
Like most phishing attacks, however, the bad actors had a similar motive: to gain additional information to supplement what they already knew about targets, or to commit some sort of wire fraud and transfer funds out a client's account, Mr. Basile said.
Russell Sommers, a New York-based senior manager in the financial services practice of Baker Tilly Virchow Krause LLP, warned that the biggest cyber threat to organizations "is always going to be people."
The element of human risk is also exacerbated now due to employees' attention being divided as they work from home and the sheer volume of communications they are receiving as a result of the pandemic, Mr. Sommers said.
"I think the volume of communication, (whether) on Zoom, or email or phone calls, have gone up significantly. And with that comes an increase in phishing or spear phishing attacks, where people have tried to disguise this as regular business communications. When people have communication fatigue … it's a very real risk," Mr. Sommers added.
"People work in the office a little differently than they work at home," he added, and may be less likely to rigorously screen emails at home, for instance.
At AB, COVID-19 related phishing attacks weren't successful because of a combination of risk management technology, people and processes, such as AB using additional measures to verify the identity of clients and make sure they are party to requested transactions, Mr. Basile said.
AB reported in a recent SEC filing that, due to most of its workforce working remotely, it is "mindful of increased risk related to cybersecurity, which could significantly disrupt our business functions."
The 10-Q filing, dated July 23, also noted technology enhancements as a result of the pandemic, such as enhanced cybersecurity training for staff.