Private equity and venture capital firms are complex organizations known for thriving in high risk, high reward environments. These firms have been historically very skilled at managing risk at the investment level, but often overlook other risks within the firm’s day-to-day operations.

The prolonged work-from-home environment caused by Covid-19 has presented bad actors with more opportunities to steal from private equity and venture capital firms than ever before. In fact, according to a March 2020 report published by Check Point Research, a total of 2,081 malicious domains designed to steal personal and confidential information from financial services firms were registered, of which 38 were malicious and 583 were suspicious. Often, these attacks result in successful fraudulent wire transfers that leave PE and VC firms vulnerable and short on cash.  

These fast-moving trends have investors asking themselves a difficult question: How do I protect my private equity firm from email compromise? 

In this article, we examine the most common ways professionals at private equity and venture capital firms fall victim to email compromise-induced wire fraud. Risk management is a shared responsibility within the firm – meaning fund administrators, executive assistants, members of the C-suite, and IT leaders alike should all be aware of these common pitfalls: 

1. Private equity and venture capital investors should beware of hackers that impersonate the top brass at the firm via email. These scams usually involve the use of fake emails “from” Managing Directors or Partners at the firm instructing that funds be wired in accordance with a deal or capital call. 
2. Sophisticated hackers have become familiar with the common vendors, suppliers, and data providers that private equity and venture capital firms rely on. When presented the opportunity, hackers impersonate service providers in an effort to “invoice” firms for services rendered. 
3. Bad actors systematically profile specific deal professionals within the firm – after all, they typically are prominently mentioned in press releases, deal tombstones, and other announcements. By doing so, hackers can redirect payroll, bonus, or other wage payments to these professionals through fraudulent wire transfers and deposits.
4. These malicious cyber threats on individuals can take advantage of sensitive employee information, as well. Commonly, these hackers will steal W-2 forms, social security numbers, or other personal employee information from investors which can be sold on the dark web. 
5. No matter if your firm has a robust IT infrastructure or out-sources its IT support, hackers often impersonate the very people your private equity or venture firm relies on to keep sensitive information safe. Often, these scams involve tricking personnel (especially analysts, interns, and administrators) into installing malware or revealing other confidential information that can lead to wire fraud.  
6. Hackers often impersonate other deal participants, such as lawyers, accountants, consultants, bankers, and brokers. By acting as a trusted member of a transaction’s inner circle, fraudsters can phish for bank account and other sensitive information that leaves the firm vulnerable to financial loss. 

Conclusion

Email compromise and other attacks on private equity and venture capital firms are getting increasingly sophisticated. According to Private Equity Wire Editor-in-Chief James Williams, firms are wise to admit their risk mitigation shortcomings. “With PE groups undergoing varying levels of digital transformation, there will need to be an even more forensic approach to data security in the years ahead; especially as cloud-based environments become more popular among global deal teams,” writes Williams. To learn more about business email compromise-induced wire fraud, and how your firm can proactively protect itself against threats, schedule a demo of the WireSecure product today.