By Steve Conley, Academy of Life Planning
As holistic wealth planners, we’re not just guardians of financial well-being—we’re also gatekeepers of client trust and personal security. Yet in today’s digital-first environment, that responsibility extends far beyond traditional financial advice. We’ve become frontline defenders against cyber-enabled fraud, and phishing remains one of the most pervasive threats.
Below are five critical phishing scams every planner must understand—alongside clear actions to keep yourself, your practice, and your clients protected.
1. Spear Phishing: When Familiarity is Faked
What it is:
Spear phishing targets individuals with highly personalised emails—often appearing to come from a provider, a colleague, or even a trusted client. Scammers monitor inboxes, mimic communication styles, and insert fraudulent fund transfer details into seemingly routine instructions.
How to guard against it:
- Verify any request involving funds or credentials through a second channel (e.g., a call or secure portal).
- Watch for unusual language or slight email discrepancies.
- Escalate anything suspicious—better safe than sorry.
2. Vishing: The Voice of Authority—Faked
What it is:
Vishing is voice phishing. Fraudsters call pretending to be trusted figures like providers or internal staff. Under pressure, planners or support teams may be coaxed into handing over sensitive access or authorising transactions.
How to guard against it:
- Set clear internal protocols for caller identity verification.
- Never share credentials over the phone.
- Remind your team: urgency doesn’t override security.
3. Quishing: QR Codes with a Catch
What it is:
“Quishing” uses QR codes to lead users to spoofed websites or malware. These codes may appear in emails or documents that look legitimate but redirect users to phishing portals.
How to guard against it:
- Avoid scanning QR codes from unsolicited sources.
- Use official portals or pre-saved bookmarks to access sensitive tools.
- Train staff to treat QR codes with the same caution as unfamiliar links.
4. Internal Impersonation & Supplier Spoofing
What it is:
Emails may appear to come from within your firm—often spoofing senior advisers or known suppliers. A common ploy is an “urgent” request for payment or action.
How to guard against it:
- Build a culture where double-checking is encouraged, regardless of seniority.
- Monitor for email spoofing with domain protection (e.g., SPF, DKIM, DMARC).
- Treat unusual internal requests with the same scrutiny as external ones.
5. Compromised Clients: The Hidden Risk
What it is:
Sometimes the scam doesn’t come for you—it comes through your client. When a client’s email is compromised, a fraudster may send fake fund instructions or change-of-bank requests directly to the adviser.
How to guard against it:
- Always confirm changes to payment details through a secondary channel.
- Educate clients on how your firm will communicate and verify instructions.
- Stay alert for subtle shifts in tone or language in client messages.
Five Practical Habits for Every Planner
To strengthen your cyber resilience, embed these everyday habits:
- Pause and verify: Always double-check urgent or sensitive requests.
- Hover before you click: Inspect all links. Ensure they match the sender and use HTTPS.
- Protect credentials: Use multi-factor authentication and unique passwords.
- Report everything: No red flag is too small. Escalation saves firms.
- Stay informed: Keep phishing education regular and engaging for your team.
Trust, But Always Verify
Phishing isn’t a tech problem—it’s a human capital vulnerability. In a business built on trust and personal relationships, it’s vital to foster a culture of vigilance, where caution is a strength, not a sign of mistrust.
Cyber resilience must now be part of what it means to be a professional, ethical, and future-fit planner in 2025.
Stay alert. Stay aligned. And above all—stay human.
Your Money or Your Life
Unmask the highway robbers – Enjoy wealth in every area of your life!
By Steve Conley. Available on Amazon. Visit www.steve.conley.co.uk to find out more.
Academy of Life Planning 