Hackers don’t just want your money. Financial advisors have access to valuable information, not to mention connections to other advisors with their own assets and information. Cybercriminals have a name for these lucrative targets: candy stores.
A guide published in July by Privide, a credit and identity monitoring and consulting provider, described what hackers are looking for at these “candy stores” and what potential targets can do to protect themselves.
“I’ve been in the security business for 20 years and I didn’t hear the term candy store until probably six or seven months ago when a very notorious identity thief we were interviewing brought it up,” Neal O’Farrell, founder of Privide and creator of the guide, told ThinkAdvisor in July.
There are five characteristics of a “candy store,” O’Farrell said.
- High net worth. “They are individually well off and therefore worth targeting,” he said. That could mean they have higher net worth or better credit than the average consumer.
- Valuable information. “They have personal information that is just as valuable or more valuable than money,” O’Farrell said. That may be business dealings they don’t want exposed, emails or texts they don’t want a competitor or a spouse discovering, assets they don’t want people to know about, or charitable or political activities. “There’s a value to this information and there’s also the embarrassment; how much would this individual pay not to have this information exposed?”
- Access to other “candy stores.” “Successful people, wealthy people tend to connect to similar people. If you’re a doctor, you probably know a lot of doctors,” O’Farrell said.
- Access to “non-peer” information. Employee and client information is valuable as well.
- Multiple accounts with large balances. “There’s a lot of very sophisticated malware out there, particularly banking Trojans, that the only difficult thing that comes between them and your bank account is anti-virus software, and we know now that most of that doesn’t work.”
However, “You don’t have to meet all five criteria to be a lucrative target,” he added.
“Cybercrime is becoming an industry and like any other industry, it’s become fragmented,” O’Farrell said. “It’s become specialized.”
Some crooks go after state secrets, while others hunt high-profile victims like “the Targets and the eBays of the world.” Hackers who go after high-net-worth targets do so because “they’re the perfect target. They’re the biggest reward with the lowest risk.”
A hacker’s attack plan doesn’t start with a computer virus, though. It starts much earlier, with research, according to O’Farrell. It’s very easy to compile lists of financial managers or high-net-worth targets and to get their email addresses, he said.
Hackers rarely hit targets one at a time. “They can hit dozens or even hundreds at a time,” he noted. “In one case, one thief spent over 18 months developing a portfolio of clients. He called it his ‘rainy day file’ because they were his most lucrative targets that he knew he owned, and any time he felt he needed extra money, he’d hit one of these clients. He knew their passwords, he knew their habits.”
Only after they’ve identified their targets and learned all they can about them do they deploy the malware that constitutes the actual attack. Malware is “the easiest way to get into the lives of a target,” O’Farrell said. “You can do it from the other side of the street or you can do it from the other side of the world.”
After purchasing the malware they’re going to use, whether it’s a keylogger or a banking Trojan, they run it through a crypting service, which tests the malware against all the known anti-virus products. O’Farrell said there are 40 to 50 products in use today. Norton and McAfee are familiar products, but there are smaller options too, like Panda, ESET or Kaspersky.
Criminals are “launching a piece of malware on the target whose only defense is probably anti-virus software, and they know the anti-virus software isn’t going to catch it. They own that client,” O’Farrell said.
He noted that with financial advisors there has been “a gradual dawning of awareness” about the threat of cyberattacks, but “they need to accelerate that. They have to move from the typical strategy, which is ‘check and forget,’ to ‘live and breathe.’”