Horizons: Family Office & Investor Magazine

Next-Level Scams: AI, Crypto and The Assault on Private Wealth

Monday, October 13, 2025

Markus is a private wealth lawyer assisting global wealth owners, entrepreneurs, and their families in navigating the complexities of wealth management, wealth planning, estate planning, family offices, and digital assets. He is qualified to practice in Switzerland, Liechtenstein, and Austria and is the founder of Centro LAW, a wealth management and family office law firm based in Zurich, Switzerland. Markus also specializes in financial products and digital asset regulation as well as in financial and white-collar crime, with extensive experience in blockchain and AI.

Crime follows money, and technology multiplies it. Crime-as-a-service toolkits, deepfakes, and scalable infrastructure enable cybercriminals to target thousands simultaneously, while still tailoring convincing messages for individual victims. This article maps today's threat landscape and shows why high-net-worth individuals and their family offices are in the crosshairs.

Fraud has a history stretching back centuries and was already classified as a criminal offense in ancient Rome. With the rapid digitization and advancement of artificial intelligence, we are experiencing an unprecedented scale of deception and financial loss as cybercriminals industrialize their operations.

They target specific vulnerabilities of their victims. And who better to target than the wealthy? On the one hand, there is the lure of a large haul, and on the other, helpful information about their victims is accessible in the digital space. Perpetrators employ a wide range of tactics to deceive their victims in a booming, billion-dollar cybercrime economy.

THE THREAT LANDSCAPE

Let's categorize the methods used by cybercriminals based on the Swiss law-enforcement taxonomy. The fundamental distinction lies in whether one or more computers that are part of a network are the target of the criminals or whether cyber fraud is being committed.

If the attack is directed at a single computer, two methods are employed: data is scouted, and if necessary, a system is modified or malicious software is installed. If deception is used without any system changes, it is referred to as phishing, which involves the theft of sensitive personal information in the digital space. If criminals break into a single data processing system, they do so either by force or by exploiting someone else's access to data; in both instances, this constitutes hacking to steal or alter personal data for criminal purposes.

The use of malicious software can affect both individual and multiple computers. The term malware encompasses a range of software applications. Ransomware locks or encrypts IT systems to demand a ransom for the decryption key. E-banking trojans infect systems with code to take control of an account and initiate transactions. Spyware monitors user behavior; the collected data, once transmitted to criminals, is used for blackmail purposes. Rogueware/scareware is designed to scare users with a supposed virus infection and prompt them to purchase software that is, at best, useless and, at worst, another form of malware.

If a network is compromised to gain control over it, the infected network is referred to as a botnet, controlled by cybercriminals. If, on the other hand, the objective is to overload a network, this is a case of DDoS (Distributed Denial of Service).

Cyber fraud takes many forms, which are constantly evolving, as scammers continually seek to enrich themselves unlawfully by misleading individuals, causing them to harm themselves or others financially.

In CEO/Business Email Compromise (BEC) fraud, cybercriminals pose as representatives of a company and induce individuals within the company or business partners to carry out a transaction. In advance fee fraud, an advance payment must be made to cover the costs of receiving an alleged sum of money. In false support requests, criminals use hacked communication accounts to send requests for financial assistance to contacts. In payment systems or identity theft, personal payment systems or stolen identities of others are used for fraudulent purposes. When a supposed technical support employee gains access to a victim's computer, supposedly to fix a problem, this is fraudulent technical support. The masterclass category includes online investment fraud, which comes in countless forms and induces victims to make investments that have no value or do not even exist. Fake real estate ads, fraudulent online shops, romance scams, and numerous other variations and subforms round out the spectrum.

The industry is booming, and the entry barriers for criminals are steadily falling. Strategies, infrastructure, and illegally obtained data can be purchased on crime-as-a-service marketplaces. Today, an internet connection and off-the-shelf kits are sufficient to get started.

As EUROPOL states in its 2025 Internet Organized Crime Threat Assessment, data is no longer just the target - it's a commodity. Cybercriminals don't need to be technically skilled, as all the required toolkits, tutorials, and data are readily available for sale in bulk. In our digital world, we generate vast amounts of sensitive data and expose ourselves to vulnerabilities that we are often unaware of. The more data available, the better fraud tactics can be applied. And perpetrators enter almost unnoticed through open digital gateways to gain their financial advantage.

HIGH-NET-WORTH, HIGH EXPOSURE

Criminals follow a simple principle: go where the money is. It's not that wealthy people are more clueless than the average person - they are just more affluent and potentially more lucrative for scammers than the usual victim. This, by the way, is the exact reason why older people are more targeted than younger people. Furthermore, substantial private wealth tends to be complex and thus more challenging to monitor, making the opportunity even more appealing to cybercriminals.

In fact, data provided by the FBI's Internet Crime Complaint Center (IC3) shows that in 2024, the age group of 60 and above suffered the most significant losses, followed by those in their 50s and 40s. In 2024, total losses due to cyber-enabled crime in the USA amounted to USD 16.6 billion, a 33% increase from the previous year. Cryptocurrency frauds account for USD 9.3 billion in losses, a 66% increase from the prior year. The three most profit-generating strategies are linked to cryptocurrency investments, personal data breaches, and fraudulent tech support.

It's no surprise that family offices are also particularly targeted by cyber-criminals. According to Deloitte's 2024 Family Office Cybersecurity Report, 43% of family offices globally had experienced a cyberattack in the previous 12 - 24 months. The top three strategies were phishing, malware, and social engineering, and of those family offices affected by cybercrime, one-third suffered losses.

There you have it: the current trends in the cybercrime industry target wealthy individuals and include digital assets. And let's bear in mind that the above numbers do not capture the entire damage since many victims do not report their cases.

THE NEXT LEVEL

Wondering what's the hottest development in cybercrime? It's, of course, AI. Deepfakes offer tremendous opportunities for cybercriminals. Synthetic video or audio files created by AI are of remarkable quality and available at a low cost. It no longer requires specialist skills to scale many of the above strategies.

Let's take the CEO/BEC fraud as an example. In 2024, a British engineering company lost GBP 20 million after an employee fell victim to an AI-generated video call in which the avatar of a senior executive instructed them to transfer funds to the scammers' account. Today, public video and audio provide ample source material, and consumer tools can produce convincing real-time avatars. With a video of a human on a social platform, the source data for the avatar is readily available, allowing the scammer to operate as another person in real-time.

The chief information officer of the affected company reported that they were accustomed to dealing with various types of cyber attacks, but couldn't keep pace with the sharp rise in the number and sophistication of attacks within a few months. He refers to what happened at his company as technology-enhanced social engineering, since it wasn't a pure cyberattack in the traditional sense. None of their systems were compromised, and no data was affected.

Also in 2024, a large global advertising company was targeted with a similar modus operandi. Scammers leveraged YouTube videos in combination with WhatsApp and an MS Teams meeting to impersonate the CEO, using an AI-generated voice, to obtain money and personal information from a senior leader under the pretext of starting a new business. Although the attack was repelled, the CEO also reported an increase in the sophistication of cyberattacks.

One might think that these threats only affect the corporate world. However, let's imagine a family office that regularly initiates transfers at the principal's instruction. As a security measure, transactions ordered by email are always confirmed by telephone. With a hacked email account, a redirected phone number, and an AI-generated voice of the principal, funds could be diverted to fraudsters with relatively little effort. As outlined above, nearly one in two family offices has experienced a cyberattack, and one-third of those affected have suffered financial losses.

Or why not fake a kidnapping of a family member? With some background information about a family member's trip to a remote destination, sending an AI-generated voice or video message of the supposedly kidnapped person, accompanied by a request to send money immediately, could create the necessary agitation and sense of urgency - two significant catalysts for successful fraud - that would induce the family to make a ransom payment. Criminals would reach their objective without having to do any physical work.

Social engineering, a manipulation aimed at causing people to behave in a certain way to obtain access to systems or sensitive information, has been supercharged with the aid of AI. For instance, spear-phishing attacks are highly personalized, based on information scraped from social media profiles and other online sources, with the primary aim of gaining access to sensitive data. This used to require a substantial amount of preparatory work; large language models now enable criminals to run entire campaigns and scale their operations while still targeting individual victims. Research already shows that AI-generated messages are more likely to deceive victims than human-generated content.

How Crypto Fuels Criminal Playbooks

As cryptocurrencies gain wider acceptance and reach all-time highs, they have become a focal point for digital crime. According to the US Securities and Exchange Commission, Sam Bankman-Fried, for many a Bernie Madoff of the digital age, orchestrated a massive, years-long fraud, diverting billions of customer funds from his FTX trading platform for his personal benefit. This caused losses of USD 8-10 billion. Like Madoff, Bankman-Fried, celebrated for his charitable donations and allegedly humble lifestyle, capitalized on investors' leap of faith to use funds for his own purposes. The trick is not new; it has just gone digital.

Scammers often trigger specific emotions in their victims, including the fear of missing out, a sense of urgency, and greed, among others. These feelings suppress scepticism and caution.

While the crypto investment scam, in all its forms, remains an evergreen, other tactics target wealth owners more specifically. With a phishing email, scammers pose as a crypto exchange and warn their victims about suspicious activities on their account that may lead to it being closed. As soon as the link in the email is clicked and login details are shared, they get access to the account and transfer the deposits to their wallets.

Now it's good advice not to keep cryptocurrencies with exchanges. However, even with a ledger device, fraudsters find ways to access their victims' cryptocurrencies. They simply pose as an exchange that can't execute a transfer to the victim's ledger due to technical issues and offer ledger recovery support. To this end, the seed recovery phrase is shared with them, and they control the wallet. Or they pose as a ledger producer, highlighting a security problem and offering a free replacement. Again, with a few clicks, they gain control over their victims' wallets.

Another tactic is to offer new tokens that require a specific app to be connected to a wallet to receive them. There are thousands of cryptocurrencies, and with targeted social media campaigns, fraudsters create the narrative of the next big thing in crypto, offering a unique entry point at a discounted price for a short period. As soon as the app is downloaded and a fake smart contract is accepted to execute the transaction, a malware script empties the victim's wallet.

Crypto assets have gained a foothold in private wealth management and among high-net-worth investors, who are increasing their allocation to the asset class. And cybercriminals target the affluent for a simple reason: they follow the money. They add a touch of exclusivity, fake testimonials from their victims' network, promise outstanding opportunities, and encourage quick decisions. With personalized tactics, cryptocurrencies are merely an enabler for quickly transferring value to their pocket.

The Bottom Line

Cybercrime's next level is here: scalable deception, AI deepfakes, and instant value transfer. Thus, cybersecurity has become a crucial foundation for wealth preservation. If institutional players are already struggling to keep up with the scammers' pace, this is even more relevant for affluent individuals and their family offices. Research indicates that, despite the increase in cyberattacks, many family offices lack adequate preparation for these threats.

Awareness is no longer enough to combat the sophistication of the cybercrime industry. Wealth owners and their family offices must implement comprehensive and robust cybersecurity plans to safeguard their wealth against an increasingly aggressive and expanding cybercrime menace. This includes identity protection, secure payment processes, deepfake resilience, enhanced account security, institutional-grade crypto custody, continuous training by professionals, and incident readiness. If you're wondering when to start, the answer is: now.

Cybersecurity Checklists for Family Offices

Practical Tools to Combat Next-Level Scams

  1. DEEPFAKE DETECTION CHECKLIST
    • When receiving video/audio communications requesting transfers or sensitive information:

    • Visual Red Flags:
      • Unnatural eye movements or blinking patterns
      • Mismatched lighting between face and background
      • Blurring around the edges of the face
      • Inconsistent facial hair or skin texture
      • Lip-sync doesn't perfectly match audio
      • Sudden quality drops when the person moves
    • Audio Red Flags:
      • Monotone or unusual speech patterns
      • Background noise inconsistencies
      • Unnatural pauses or rhythm
      • Voice doesn't match emotional context
      • Technical glitches or artifacts
    • Verification Protocol:
      • Request a live callback using a pre-established number
      • Ask about a shared memory only the real person would know
      • Request they perform an unusual action (touch their ear, hold up fingers)
      • Use a pre-agreed code word for sensitive transactions
      • Verify through a separate, secure communication channel
      • If suspicious, delay action and investigate thoroughly
  2. CEO/BEC FRAUD PREVENTION CHECKLIST
    • Before executing any unusual transfer request:

    • Initial Assessment:
      • Is this request outside normal patterns or procedures?
      • Does it bypass usual approval chains?
      • Is there unusual urgency or secrecy demanded?
      • Are you asked to use new or different bank details?
      • Is the communication style different from usual?
    • Verification Steps:
      • Call the requestor directly using a known number (not from the email)
      • Verify with a second authorized person independently
      • Check if the executive is actually traveling/in meetings as claimed
      • Confirm via the company's official communication channel
      • Review recent legitimate communications for comparison
      • Check email headers for spoofing indicators
    • Red Flag Phrases to Watch For:
      • "Urgent and confidential"
      • "Do not discuss with anyone"
      • "I'm traveling and unreachable"
      • "Use this new account for faster processing"
      • "Compliance has already approved"
      • "This is for a secret acquisition/project"
  3. CRYPTO SECURITY AUDIT CHECKLIST
    • Monthly review for digital asset protection:

    • Wallet Security:
      • Hardware wallets used for significant holdings
      • Seed phrases stored in multiple secure physical locations
      • Never typed seed phrases into any digital device
      • Multi-signature setup for large holdings
      • Regular firmware updates on hardware wallets
      • Test transactions before large transfers
    • Exchange Security:
      • 2FA enabled on all exchange accounts (preferably hardware-based)
      • Withdrawal addresses whitelisted
      • Email notifications for all account activities
      • Regular review of API permissions
      • Limited funds kept on exchanges
      • Use of exchange vault/cold storage features where available
    • Operational Security:
      • Dedicated device/browser for crypto transactions
      • VPN usage for all crypto-related activities
      • Regular review of connected apps and smart contract permissions
      • Never click links in crypto-related emails
      • Verify all URLs character by character
      • Cross-reference announcements through multiple official channels
  4. FAMILY OFFICE CYBERSECURITY READINESS ASSESSMENT
    • Quarterly evaluation of defensive posture:

    • Technical Controls:
      • Endpoint detection and response (EDR) on all devices
      • Regular penetration testing conducted
      • Multi-factor authentication on all critical systems
      • Encrypted communication channels in use
      • Regular security patches applied within 48 hours
      • Backup systems tested monthly
      • Network segmentation implemented
    • Human Controls:
      • Quarterly security awareness training for all staff
      • Social engineering simulation tests conducted
      • Clear escalation procedures documented
      • Incident response plan updated and tested
      • Regular background checks on staff with access
      • Social media guidelines enforced
      • Travel security protocols in place
    • Vendor Management:
      • Security assessments for all critical vendors
      • Contractual security requirements defined
      • Regular audits of third-party access
      • Vendor breach notification requirements
      • Alternative vendors identified for critical services
  5. INCIDENT RESPONSE READINESS CHECKLIST
    • Ensure these elements are in place BEFORE an incident:

    • Documentation Ready:
      • All critical account numbers and contacts documented offline
      • Law enforcement contacts identified (FBI IC3, local cybercrime unit)
      • Cyber insurance policy details accessible
      • Legal counsel contact information
      • PR/crisis communication plan prepared
      • Backup communication methods established
    • Technical Preparation:
      • Forensic imaging tools available
      • Logs retention policy implemented
      • Ability to isolate affected systems quickly
      • Clean backup restoration tested
      • Alternative payment processes defined
      • Recovery time objectives established
    • Team Readiness:
      • Incident response team roles defined
      • 24/7 contact list maintained
      • External forensics firm pre-vetted
      • Decision tree for ransom scenarios
      • Communication templates prepared
      • Regular tabletop exercises conducted
  6. DAILY SECURITY HABITS CHECKLIST
    • For principals and key family office staff:

    • Morning Routine:
      • Review overnight security alerts
      • Check for unusual account activities
      • Verify no unexpected system changes
      • Confirm all expected transactions
    • Throughout the Day:
      • Verify sender before opening attachments
      • Question unexpected requests
      • Use secure channels for sensitive discussions
      • Lock screens when stepping away
      • Report anything suspicious immediately
    • End of Day:
      • Log out of all sensitive systems
      • Secure physical documents
      • Review the day's unusual events
      • Update passwords if any concerns
      • Confirm next day's expected activities
  7. SOCIAL ENGINEERING DEFENSE CHECKLIST
    • Train all staff to recognize these tactics:

    • Emotional Triggers They Use:
      • Fear - "Your account will be closed"
      • Greed - "Exclusive investment opportunity"
      • Urgency - "Must act within 24 hours"
      • Authority - "CEO needs this immediately"
      • Social proof - "Other families are already invested"
      • Scarcity - "Only 3 spots remaining"
      • Curiosity - "See who's been viewing your profile"
    • Your Defense Protocol:
      • Pause - Never act immediately on unexpected requests
      • Verify - Always confirm through separate channels
      • Question - Ask yourself "Why now? Why me? Why this way?"
      • Document - Record all suspicious interactions
      • Report - Share with security team immediately
      • Learn - Discuss in team meetings to educate others
  8. VULNERABILITY SCANNING CHECKLIST
    • Monthly review of exposure points:

    • Digital Footprint:
      • Google family members' names and review results
      • Check what information is on social media
      • Review data broker sites for personal information
      • Monitor dark web for compromised credentials
      • Audit what company information is public
      • Review metadata in published documents
    • Physical Security Digital Overlap:
      • Smart home devices regularly updated
      • Security cameras on separate network
      • Vehicle tracking systems secured
      • Personal device location sharing reviewed
      • Travel plans not posted publicly
      • Home automation schedules randomized
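
The CEO/BEC checklist's "check email headers for spoofing indicators" step and its red-flag phrase list can be partly automated for incoming transfer requests. The following is an added example, not part of the original article; the function names, the `.example` domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Lower-cased from the checklist's red-flag phrases; the last entry of that
# list is split into its two variants ("acquisition" / "project").
RED_FLAG_PHRASES = [
    "urgent and confidential", "do not discuss with anyone",
    "i'm traveling and unreachable", "use this new account",
    "compliance has already approved", "secret acquisition", "secret project",
]

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _body_text(msg):
    """All text parts joined, lower-cased, with whitespace normalized."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).lower().replace("\u2019", "'").split())

def assess_transfer_request(raw_message):
    """Return findings that should trigger out-of-band verification."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = _domain(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        dom = _domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # SPF/DKIM/DMARC verdicts stamped by the receiving server (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech, "missing") != "pass":
            findings.append(f"{mech} result: {verdicts.get(mech, 'missing')}")
    text = _body_text(msg)
    findings += [f"red-flag phrase: {p}" for p in RED_FLAG_PHRASES if p in text]
    return findings

# Constructed sample messages (not real mail).
SPOOFED_SAMPLE = """\
From: "The Principal" <principal@family-office.example>
Reply-To: principal@family-0ffice.example
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.family-office.example; spf=pass smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=family-office.example
Subject: Wire today

Urgent and confidential. I'm traveling and unreachable by phone.
Use this new account for faster processing.
"""

LEGIT_SAMPLE = """\
From: "The Principal" <principal@family-office.example>
Return-Path: <principal@family-office.example>
Authentication-Results: mx.family-office.example; spf=pass; dkim=pass; dmarc=pass
Subject: Quarterly report

Please find the quarterly report attached.
"""

if __name__ == "__main__":
    for finding in assess_transfer_request(SPOOFED_SAMPLE):
        print(finding)
```

Findings are prompts for the callback and second-person verification steps in the checklist, not a verdict on their own. Only an `Authentication-Results` header added by your own receiving mail server should be trusted, since a sender can insert a forged one.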

IMPLEMENTATION NOTES

Priority Order:

  • Start with the Daily Security Habits (builds culture)
  • Implement CEO/BEC Fraud Prevention (highest financial risk)
  • Conduct Cybersecurity Readiness Assessment (identify gaps)
  • Deploy Crypto Security if applicable
  • Train on Social Engineering Defense
  • Regular Vulnerability Scanning
  • Test Incident Response Readiness

Success Metrics:

  • Zero successful attacks in past quarter
  • 100% staff pass social engineering tests
  • All critical systems have MFA
  • Incident response tested quarterly
  • Recovery time under 4 hours
  • All vendors security-assessed

Remember: Security is not a product but a process. These checklists should be living documents, updated as threats evolve and lessons are learned.

These checklists complement the article "Next-Level Scams: AI, Crypto and The Assault on Private Wealth" by Markus Schwingshackl, published in HORIZONS: Family Office & Investor Magazine, Issue 11, and should be reviewed quarterly and updated based on emerging threats.

 