Laurence Fletcher, 27 April 2021
It was only when John made a final phone call to confirm the transfer of about €10m to his family trust that he realised he was about to fall victim to a highly sophisticated financial scam.
A fraudster had spent two months pretending to be one of John’s business associates in order to gain his confidence and trick him into diverting a standard loan repayment to a different bank account.
Having obtained emails through an earlier hack of a financial services company in Liechtenstein, they studied the habits and conversational style of John’s business associate and then imitated him on email.
John, a London-based private investor who invests his family’s money and who regularly works with a number of smaller financial firms across Europe, said the fraud was thwarted at the eleventh hour “purely by luck”.
The Financial Times has pieced together the details of how the attack on John unfolded, and how a separate phishing attack eventually forced the liquidation of the main hedge fund run by Levitas Capital, a Sydney-based firm with $75m in assets under management.
The complexity of the two scams, and the time and money the fraudsters were prepared to invest, highlight the threat now faced by smaller financial services firms such as hedge funds, brokers and administrators, as well as by family offices and wealthy individuals. Often, hackers who obtain valuable information through an attack on one financial firm will sell the stolen data on the dark web to criminal groups experienced in using such data for frauds.
Large banks are attractive targets for hackers, but the millions of pounds they spend each year on cyber security make them tough to hack. Smaller hedge funds can be more enticing targets because they handle large sums of money but may only spend tens of thousands of pounds protecting themselves, according to cyber security firm Remora. The array of third-party companies that hedge funds use, for instance trustees, administrators and auditors, increases the number of potential weak links in the chain that hackers can target, and their principals are often more visible and easier to target.