Heads Up: Malicious Meeting Links in Raising Capital
Articles by: Richey May, May 21, 2024
A trend of phishing and social engineering is emerging in the alternative investments industry, particularly targeting digital assets and funds that are looking to raise capital. Cybercriminals, masquerading as potential investors, are exploiting the trust of eager fund managers through seemingly innocuous calendar meeting links. The meeting links are then used to install malware onto a victim’s device. The cybersecurity experts at Richey May have some tips on what to watch for so that you can protect yourself.
While it is common practice to hold a video call when raising funds, it’s important to make sure the investor is legitimate before clicking on meeting links. Before setting up a meeting, do research to verify the legitimacy of both the person and the company. In one example, the malicious actor posed as an employee of a large investment firm, so research the individual employee to make sure they are who they say they are.
Tip: Call the employee at the company using a phone number listed on the company website to verify the meeting. If the employee doesn’t know about the meeting, then you may have been contacted by a malicious actor posing as the employee.
Malicious actors prey on your excitement and urgency to connect with potential investors. When you go to join the meeting, they may claim that the original link is broken and send you a new link that asks you to run a script on your device. That script installs malware on your device.
Tip: Think twice before you click on links for meetings – if it’s asking you to run a script, don’t. Ask for another method to connect; if they get defensive or try to pressure you, it is a red flag that they are not a legitimate investor.
Krebs on Security, an in-depth security news and investigation resource, recently released an article that details a real-world scenario of one of these scams. Read the article here for a closer look. Although this article focuses on crypto, this method applies to all investor meetings.
Prevention is Key
The best way to stop this type of phishing/social engineering attack is to stay vigilant and do your research. If anything seems odd, it probably is. When in doubt, verify before you click. A qualified investor will respect your commitment to quality to protect their investment.
If you need additional cybersecurity support for your fund, the Richey May Cyber team is ready to help. Reach out to Steve Vlasak for more information.