‘URGENT! S-RM IS SHARING A FILE WITH YOU’:  Protecting your family from the growing threat of advanced cyber attacks

If someone robs your house, you’ll probably know what was stolen, change the locks, install an alarm, and re-establish a sense of security, even if the perpetrator remains at large. Not so in the case of many cybercrimes. When successful, it is often unclear what has been stolen, who the perpetrator is, or even whether they are still in your proverbial house. Victims of such crimes often feel a sense of helplessness and insecurity from this invasion of their privacy, which can last months, if not years, as they seek to re-establish control over their private information.

91% of cyber-attacks still start with a phishing email, and they are becoming increasingly targeted, sophisticated, and harder to detect.

During its investigations last year, S-RM identified a significant increase in the success of these attacks, driven by the growing patience and persistence of attackers to learn their targets’ patterns of online behaviour, before delivering an attack. It is therefore more important than ever to remind family members and staff of the severity and significance of such attacks, as well as how to spot them.

PAs, assistants and other staff are frequently the target of such attacks due to their close and trusted relationships with family members. In a recent case, for example,

the attacker spent over three months persistently phishing a CEO’s PA until they captured her email credentials.

Having gained access to her account, the attacker set up several fake websites to impersonate the CEO’s wine dealer, sending fraudulent invoices for orders identical to the target’s regular purchases. The precision of such attacks makes them easy to overlook, but there are always giveaways. Tell-tale signs may include changes in the writing style or timing of emails from known contacts. For example, unusual behaviour like an email being sent in the middle of the night may be an indication that an attacker is using their mailbox to distribute phishing emails without their knowledge.

Staff shouldn’t necessarily be viewed as a weak point, however. With the right training, they can act as a highly effective line of defence. In an investigation last year, an attacker targeted a family office with seven individually crafted phishing emails, seeking to procure the email login credentials of their children. The family narrowly avoided significant financial losses, thanks to the intervention of a quick-thinking assistant picking up on the fraudulent request. In this instance, the attacker sought to create a sense of urgency. Phishing emails will often be unexpected and demand fast action by the target. For example, they may say a request is “urgent” or that a link will ‘expire soon’. If you are not expecting the email, doublecheck with the sender to ensure its legitimacy.

Perhaps the most chilling aspect to these attacks is the length of time attackers will lie dormant with access to your accounts and devices.

The average ‘dwell time’, which is the time taken for the victim of an attack to become aware of it, was 101 days in 2017, meaning that attackers may have access to your personal information for months before striking.

Last year we dealt with an incident in which cyber criminals compromised a corporate broker’s email but waited over six months before issuing the coup de grace, on the day before an investment launch. Over £2.5m was put at risk as the attacker sent various fraudulent payment instructions to redirect the investment funds. Quick intervention by our forensics team mapped the extent of the attacker’s access and knowledge of the investment, identified the false instructions, and liaised with authorities to put a freeze on the transfers. In most cases, easy, inexpensive improvements to security could have deterred the attackers. Setting up multi-factor authentication (MFA) for example, is an effective means of preventing attackers from gaining prolonged access and is essential for any accounts that hold sensitive personal or financial information.

Financial losses aside, cyber-attacks are a gross invasion of privacy which alone can be incredibly traumatic, especially for families. S-RM’s incident response team are adept at containing the impact of such attacks, by identifying what has been stolen, securing compromised accounts and devices, and monitoring dark web forums for indicators of leaked information. This can provide invaluable peace of mind and help you and your family re-establish a sense of security in the event of a crisis.


 Taking Basic Precautions Against Cybercrime 

S-RM has identified four key threats to private clients and their households:

 1. Phishing: 

Attackers create emails to either obtain credentials, deliver malware, extract payment, or information. In their most common form, they may imitate invoices, or file-sharing links that ask for your password to view a document.

Look out for: Always be suspicious. You should be wary if you are ever contacted unexpectedly, if anyone asks for credentials or financial information, or if someone puts pressure on you to do an action. For example, if your bank emails you and you are suspicious, phone them instead of replying to the email to ensure you are contacting them and not an attacker.

 2.  Domain impersonation: 

Domain impersonation is a method of attack in which attackers deceive users into thinking they are accessing or contacting a legitimate domain by making slight alterations in its spelling or appearance. Attackers then abuse the trust we have for the domain they impersonate, usually to conduct financial fraud.

For example, s-rminform.com could be: s-rnninform.com, s-rrninform.com.

Look out for: Always check the URL (website address) when visiting a website. If you doubt the website or link’s legitimacy google the company and enter the site that way as opposed to following a link in an email.

 3. Technical Exploit: 

Vulnerabilities in software are exploited by a malicious individual to gain access to your device or network. With this access, the attacker may attempt to steal information such as sensitive documents, or even intercept network traffic looking for information such as banking credentials.

Look out for: Simple security measures such as changing the default password on your Wi-Fi router make it harder for criminals to gain access. Simple security measures such as keeping your mobile and personal computers up-to-date and using complex passwords on your devices make it harder for criminals to gain access.

 4. Malicious Applications: 

Malicious applications can contain something called Trojans which is code that can be used by an attacker to try and gain access to devices, whether this be your device’s camera or microphone, or even access to your messages and calls.

Look out for: Only download applications from approved stores such as the Apple Store. Be aware that even legitimate applications such as ride-hailing apps do record lots of information, including location data. Consider turning off location data on your device when it is not in use.



Crime in London increased by 6 percent between FY16/17 and FY17/18.  The most recently available statistics suggest this increase was driven by almost all crime categories.



Using Kensington and Chelsea as a benchmark area for S-RM HNW clients, the following statistics show the latest available crime trends. The statistics cover the year ending June 2018:

  • The overall crime rate in Kensington & Chelsea was the second highest in London; only topped by the City of Westminster (139.21 crimes per 1,000 inhabitants).
  • The vehicle crime rate in Kensington & Chelsea was the highest in London, with over 20 vehicle crimes per 1,000 inhabitants.
  • Kensington & Chelsea experienced the second highest level of burglaries in London.
  • Robbery levels in the borough were above the Metropolitan Police force area average.
  • The drug offence rate in Kensington & Chelsea was the highest for the Metropolitan Police force area.



 Staying safe – how can S-RM help? 

1. Property Review

Our onsite reviews assess your property’s physical, technical and procedural security systems, and provide recommendations on how to resolve any identified vulnerabilities. Our Threat Assessment and Resilience Review takes into account any specific threats to you or your property, and also focuses on related travel, private and corporate interests.

2. Embedded Security

Discreet and unobtrusive, our Close Protection Officers ensure UHNW families benefit from invaluable peace of mind.

3. Cyber Security

Our team will enable you to secure your data and systems and pre-empt and respond to changing cyber security threats. S-RM’s social media reviews and online profile assessments enable you to identify potential online threats, allowing you to act to protect yourself and your family.

4. Staff Training

We deliver bespoke, on-site practical training packages for family offices and household staff. Training covers incident response, first aid, media training and cyber security awareness.

Download the full version of our latest insights for private clients and their households:

Our highly experienced Private Client Security team works closely with our cyber security specialists and intelligence analysts to ensure that we deliver our clients the very best service available. Our work requires us to remain alert to changing trends globally, whether this be a shift in the nature of crime in London or a development in the way kidnap for ransom is being carried out in Latin America. Find out more here.