Waverly Secure – September 2025
The Pretender Protocol: How Cybercriminals Exploit Human Trust
Cybercriminal groups such as Scattered Spider have been increasingly relying on a tactic that security experts call impersonation attacks. By using personal or corporate information stolen in previous data breaches, these groups pose as trusted individuals, employees, clients, or even executives, to trick victims into granting access, sharing sensitive data, or approving fraudulent transactions.
This strategy, which we refer to as The Pretender Protocol, is highly effective because it targets the human side of cybersecurity rather than technical defenses. When an attacker already has enough background information to convincingly pose as someone you know, traditional security tools may not be enough to raise red flags.
How it Works
-
Criminals purchase or steal personal information from the dark web.
-
They craft emails, texts, or calls that closely mimic legitimate communications.
-
Victims are pressured to act quickly, whether it’s resetting a password, clicking a link, or transferring funds.
Why it Matters in Wealth Management
Because wealth management involves frequent communication about sensitive and financial matters, impersonation attacks can be particularly dangerous. A message that appears to come from a trusted advisor or institution may not raise immediate suspicion, making it critical to pause and verify before taking action.
How to Protect Yourself
- Confirm requests: If you receive an unexpected request related to money movement or account access, call your advisor or the firm directly using a trusted phone number.
- Be cautious with urgency: Fraudsters often pressure you to act quickly. Take the time to confirm before responding.
- Safeguard your information: Limit the sharing of personal details online, and update passwords regularly.
Cybercriminals count on trust to bypass technical safeguards. Staying alert and verifying before you act is one of the most effective ways to protect yourself and your financial security.
IMPORTANT DISCLOSURES
THE INFORMATION PRESENTED IN THIS DOCUMENT IS FOR GENERAL INFORMATIONAL AND EDUCATIONAL PURPOSES, AND IS NOT SPECIFIC TO ANY INDIVIDUAL’S PERSONAL CIRCUMSTANCES. NOTHIN The Pretender Protocol: How Cybercriminals Exploit Human Trust
Cybercriminal groups such as Scattered Spider have been increasingly relying on a tactic that security experts call impersonation attacks. By using personal or corporate information stolen in previous data breaches, these groups pose as trusted individuals, employees, clients, or even executives, to trick victims into granting access, sharing sensitive data, or approving fraudulent transactions.
This strategy, which we refer to as The Pretender Protocol, is highly effective because it targets the human side of cybersecurity rather than technical defenses. When an attacker already has enough background information to convincingly pose as someone you know, traditional security tools may not be enough to raise red flags.
How it Works
-
Criminals purchase or steal personal information from the dark web.
-
They craft emails, texts, or calls that closely mimic legitimate communications.
-
Victims are pressured to act quickly, whether it’s resetting a password, clicking a link, or transferring funds.
Why it Matters in Wealth Management
Because wealth management involves frequent communication about sensitive and financial matters, impersonation attacks can be particularly dangerous. A message that appears to come from a trusted advisor or institution may not raise immediate suspicion, making it critical to pause and verify before taking action.
How to Protect Yourself
- Confirm requests: If you receive an unexpected request related to money movement or account access, call your advisor or the firm directly using a trusted phone number.
- Be cautious with urgency: Fraudsters often pressure you to act quickly. Take the time to confirm before responding.
- Safeguard your information: Limit the sharing of personal details online, and update passwords regularly.
Cybercriminals count on trust to bypass technical safeguards. Staying alert and verifying before you act is one of the most effective ways to protect yourself and your financial security.
G IN THIS DOCUMENT CONSTITUTES, OR SHALL BE RELIED UPON AS INVESTMENT, LEGAL, OR TAX ADVICE TO ANY PERSON. THE INFORMATION IN THIS DOCUMENT IS PROVIDED EFFECTIVE AS OF THE DATE OF ITS PUBLICATION, DOES NOT NECESSARILY REFLECT THE MOST CURRENT STATUS OR DEVELOPMENT, AND IS SUBJECT TO REVISION AT ANY TIME. INVESTING INVOLVES RISK, AND PAST PERFORMANCE DOES NOT NECESSARILY PREDICT FUTURE RESULTS. NONE OF WAVERLY, OR ANY OF ITS OFFICERS, MEMBERS OR AFFILIATES, IN ANY WAY WARRANT OR GUARANTEE THE SUCCESS OF ANY ACTION THAT ANYONE MAY TAKE IN RELIANCE ON ANY STATEMENTS OR RECOMMENDATIONS IN THIS DOCUMENT.
WAVERLY ADVISORS, LLC (“WAVERLY”) IS AN SEC-REGISTERED INVESTMENT ADVISER. A COPY OF WAVERLY’S CURRENT WRITTEN DISCLOSURE BROCHURE AND FORM CRS (CUSTOMER RELATIONSHIP SUMMARY) DISCUSSING OUR ADVISORY SERVICES AND FEES REMAINS AVAILABLE AT HTTPS://WAVERLY-ADVISORS.COM/. YOU SHOULD NOT ASSUME THAT ANY INFORMATION PROVIDED SERVES AS THE RECEIPT OF, OR AS A SUBSTITUTE FOR, PERSONALIZED INVESTMENT ADVICE FROM WAVERLY ADVISORS, LLC (“WAVERLY”). THIS INFORMATION SHOULD BE USED AS A REFERENCE ONLY. TALK TO YOUR WAVERLY ADVISOR, OR A PROFESSIONAL ADVISOR OF YOUR CHOOSING, FOR GUIDANCE SPECIFIC TO YOUR SITUATION. PLEASE NOTE: THE SCOPE OF THE SERVICES TO BE PROVIDED DEPENDS UPON THE NEEDS OF THE CLIENT AND THE TERMS OF THE ENGAGEMENT.
INVESTMENT ADVISORY SERVICES ARE OFFERED BY WAVERLY ADVISORS, LLC, AN INVESTMENT ADVISER REGISTERED WITH THE SECURITIES AND EXCHANGE COMMISSION. © 2024 WAVERLY ADVISORS, LLC. ALL RIGHTS RESERVED.