Modern Fraud Risks: Subtle and Sophisticated

Author: Laura Tyson 

Wire fraud has become one of the most consequential operational risks in fund administration – with the source of that risk emanating not from one big, cinematic hack, but rather from many small, coordinated moves. Today’s fraud attempts are compound events: an email change here, a new “authorized” contact there, a change to banking details carefully timed ahead of a redemption. None of these steps look dramatic on their own. Together, however, they can reroute real money and result in millions in losses. 

Compounding the increased subtlety and sophistication of this threat, remote work and widely distributed communications have expanded the attack surface across staff, vendors, managers, and investors. The result is a threat landscape where identity theft and wire fraud are much more difficult to avoid. A compromised inbox can lead to precise impersonation; a single successful phishing link can give attackers weeks of quiet visibility into legitimate workflows.

How Fraudsters Operate Today

Tactics have grown more coordinated and difficult to detect. Today, you might see: 

• Phishing and social engineering campaigns targeting fund admins, CFOs, and investors.

• Account compromise allowing adversaries to observe patterns, copy tone, and time requests to dovetail with otherwise expected fund or investor actions.

• Incremental profile edits changing valid demographic data points culminating in new fraudulent wire instructions.

• Behavioral mirroring where attackers mimic cadence, terms, and formatting they’ve been watching in an email inbox. 

Where the Flow is Most Exposed: Demographic Changes 

The riskiest moments cluster around alterations to investor demographics:

• Email address changes

• Authorized signers and contact changes

• Phone numbers used for callbacks

• Banking details / wire instructions

Attackers typically begin with low‑friction updates – often an email or phone number – because those early changes can quietly undermine downstream verification procedures. From there, attacks can evolve gradually rather than through a single, obvious breach, with the accumulated shifts providing the opportunity to create a convincing illusion of legitimacy.

Balancing Protection with a Friction‑Light Investor Experience 

Investor experience and fraud prevention are complementary, not competing, goals. Important tenets of our approach include:

1. Set expectations early. During onboarding and at key lifecycle events, we outline our demographic change procedures and escalation paths. Surprises create friction; preparation creates trust.

2. Explain the “why,” not just the “what.” We educate managers and investors that every extra verification step exists to protect them from permanent loss and reputational damage.

3. Normalize callbacks. We require phone callbacks for any change to wire instructions, and we explain upfront that these controls are part of a standard, industry‑aligned protocol.

By validating updates through authorized channels, one can identify fraudulent instructions before funds move, even in cases where attackers have had the chance to monitor inboxes for weeks to mimic legitimate behavior. These safeguards may feel like added steps in the moment, but they’re what protect the investor and fund manager in the long run.

Building a Resilient Fraud‑Prevention Framework 

Effective fraud protection isn’t driven by any single control – to truly confront such a dispersed and persistent threat, preventive training and procedures must be widespread and consistent. Because modern fraud attempts unfold across multiple touchpoints, defenses against them must be equally interconnected. Every firm playing a role in cash movement needs a multi-faceted control framework designed to close gaps, surface risk early, and keep every party aligned in protecting investor and fund assets.

The Controls That Matter Most

Even the most sophisticated systems depend on vigilant people. All fund-related service providers must invest deliberately in keeping fraud awareness top‑of‑mind. Here are some of the procedures we’ve implemented:

• Monthly phishing tests to maintain vigilance.

• Monthly security awareness training focused on red flags, escalation, and emerging threats. 

• Clear escalation protocols that encourage staff to slow down and escalate scenarios that give them pause or require additional information to be handled appropriately. 

• Secure manager and investor portals to deliver transaction summaries, investor statements and other documents. 

• Multi‑factor authentication (MFA) for staff and manager and investor portal users. 

• Centralized standing wire instruction database to detect any changes to wire instructions and to enforce documentation and approval controls for all updates. 
  
  

Evolving Solutions to Meet Dynamic Threats 

Fraud attempts are not going away; they’re becoming more sophisticated. Vigilance, disciplined processes, and evolving controls are what keep pace with that shift. When every change is evaluated carefully, fund and investor protection remains strong without compromising experience. Remember: 

1. Lay the Groundwork with Clients and Investors – Talk with clients early and often about enhanced fraud controls so that when the time comes to leverage them, they’re supporting your procedures with investors. Take the time to explain to investors why their information is necessary up front – and always frame interactions with the clear purpose of fraud control. 

2. Leverage Technology that Makes Sense for Your Organization – Whether it’s using investor demographic or other databases to house standing wire details, or adding MFA to portals, strengthen information quality and access protocols to create a multi-layered control framework. 

3. Train, Train, Train – Savvy staff are everyone’s number one asset. Remind them constantly that email tropes and other security risks are out there at every turn and set the expectation that their vigilance be as consistent as the risks themselves.