Mike Jackson, President, Pendello Solutions
Wealth management clients are increasingly targeted by sophisticated phishing scams that can lead to financial loss and reputational damage. These scams often masquerade as legitimate communications from financial advisors, investment opportunities, or tax authorities. To help protect your assets and personal information, it’s essential to be aware of the most common phishing scams in the wealth management space, understand how they work, and learn how to protect yourself.
1. Account Verification Scams
What It Is: These scams involve emails or text messages that claim there has been suspicious activity on your account, prompting you to “verify” your information through a provided link. This link leads to a fake website designed to steal your credentials.
Real-World Example: Recently, clients of a large financial institution were targeted with phishing emails that appeared to be from the company, asking them to “restore their account” or “verify their information” to comply with current records. Clicking the link led to a fake login page where credentials were stolen.
How to Protect Yourself:
Do not click on links in unsolicited emails or texts claiming account issues.
Directly contact your financial institution to verify any suspicious requests.
Enable multi-factor authentication on all accounts.
2. Fake Investment Opportunities
What It Is: Scammers create fraudulent investment opportunities that appear to be from legitimate sources, promising high returns. These scams often target wealth management clients with offers that seem exclusive or time-sensitive.
Real-World Example: In 2021, a phishing campaign targeted affluent clients with emails promoting a high-yield bond. The emails appeared to be from the client’s financial advisor and included links to a convincing but fake website. Several victims invested thousands before realizing the scam.
How to Protect Yourself:
Always verify investment offers by contacting your advisor directly.
Research the investment and company independently.
Be wary of unsolicited offers, especially those promising high returns with low risk.
3. Tax Season Scams
What It Is: During tax season, scammers pose as the IRS or tax professionals, claiming there are issues with your tax filing or that a refund is pending. They urge victims to click on links or provide personal information, leading to identity theft.
Real-World Example: In 2022, thousands of taxpayers received phishing emails claiming they needed to update their information to receive a refund. The emails contained links to fake IRS websites where victims unknowingly provided sensitive information.
How to Protect Yourself:
The IRS will never contact you via email for sensitive information.
Verify any tax-related communication by contacting the IRS or your tax professional directly.
Never click on links or download attachments from unknown or suspicious sources.
4. Impersonation of Financial Advisors
What It Is: Scammers impersonate trusted financial advisors, sending emails or making phone calls to clients to request sensitive information or unauthorized fund transfers. They often use sophisticated methods to make the communication appear authentic.
Real-World Example: In 2021, a group of scammers compromised the email account of a financial advisor and sent personalized emails to clients, asking them to confirm account details for a new investment. Several clients were duped into sharing sensitive information, leading to unauthorized transactions.
How to Protect Yourself:
Always verify requests for sensitive information or fund transfers by contacting your advisor through a known, secure channel.
Be cautious of unsolicited communication, even if it appears to come from a familiar source.
Use secure communication platforms recommended by your financial institution.
5. Medusa Malware Phishing Attacks
What It Is: Medusa malware attacks, which gained notoriety in 2022, are spread through phishing emails that claim to be from trusted financial institutions. These emails often contain attachments or links that, when clicked, install the malware, enabling attackers to steal sensitive data.
Real-World Example: In 2022, multiple U.S. financial institutions were targeted by phishing campaigns using Medusa malware. Victims received emails that appeared to be from their bank, warning them about unauthorized account activity. Once they clicked the link to “secure” their account, the malware was installed, giving attackers access to banking information and personal data.
How to Protect Yourself:
Never click on suspicious links or attachments in unsolicited emails.
Verify the sender by contacting your financial institution directly through a known, legitimate phone number or email.
Use multi-factor authentication for all financial accounts to add an extra layer of security.
Well-Known Phishing Scams in the USA Post-2020
As phishing attacks continue to evolve, several high-profile scams have emerged in the financial sector, targeting both institutions and individual investors. These incidents highlight the growing sophistication of cybercriminals and the need for heightened vigilance.
1. Medusa Malware Campaign (2022): This phishing campaign targeted U.S. financial institutions with emails disguised as security alerts. Once recipients clicked on the link, Medusa malware was installed, allowing attackers to steal banking information and credentials.
2. Robinhood Data Breach Phishing Attack (2021): Attackers gained access to the personal information of approximately 7 million users by convincing an employee to click a phishing link. This led to an increase in phishing emails targeting affected users, seeking to obtain more personal data or trick users into fraudulent investments.
3. Microsoft 365 Credential Phishing (2020-2021): Scammers targeted financial institutions by sending emails from compromised Microsoft 365 accounts, requesting login credentials and stealing sensitive data from employees who unknowingly provided access.
4. PayPal Invoice Scam (2021): Scammers sent fake PayPal invoices to individuals, often impersonating financial advisors or popular merchants. These invoices included payment links that redirected to phishing sites, tricking users into entering their account credentials.
5. E*TRADE Account Suspension Scam (2021): E*TRADE customers were targeted with phishing emails claiming their accounts were suspended due to suspicious activity. Victims were directed to a fake login page that harvested their credentials and led to unauthorized trading activity.
These examples illustrate how critical it is to remain vigilant and proactive in protecting your financial data. Staying informed and using best practices can help safeguard against these ever-evolving threats.
Conclusion
Phishing scams targeting wealth management clients are becoming more sophisticated and difficult to detect. By staying informed about the various types of scams—such as Medusa malware attacks, fake investment opportunities, account verification scams, tax season scams, and advisor impersonation—clients can better protect their assets and personal information. Always verify any suspicious requests and consult with your financial advisor to ensure your financial security.