Staying Ahead of Cyberattacks with MFA

With cyberattacks growing in prevalence, nearly 30% of ultra-high net worth (UHNW) families have fallen victim.

December 23, 2025

Time to Read: 5 minutes

A 2024 report on wealthy families revealed that nearly half (43%) of family offices surveyed around the globe suffered cyberattacks in the two years leading up to its publication.

Of that subset, 93% reported falling victim to phishing and 35% succumbed to malware attacks.¹One of the easiest ways to safeguard against an attack is multi-factor authentication (MFA). MFA significantly reduces the risk of unauthorized access by requiring multiple forms of identification.

How MFA Works (Combination of 2 out of 3)

Depending on the platform, MFA may include a blend of authentication prompts, such as text message (SMS) or voice message, or biometrics, like fingerprints or face scan. It can be deployed across email, bank and social media accounts, as well as online stores and streaming services.

If you don’t see an option for MFA on these applications, you can always reach out to the respective company, asking if they can enable the feature.

Social Engineering and Red Flags

Social engineering is an attempt to manipulate individuals into giving away sensitive information.

Three of today’s most common social engineering attacks are:

Phishing: Attackers use deceptive emails, messages or websites to impersonate trusted individuals or organizations, with the goal of tricking victims into revealing passwords, credit card numbers or personal details.
Remote access scams: Attackers pose as a trusted entity, such as tech support or a service provider, to gain remote control of victims’ computers or devices, allowing them to steal personal information, install malware or demand payment to fix fake issues.
Vishing or Voice Phishing: Scammers pose as trusted organizations, such as banks or government agencies, using phone calls or voice messages to get victims to reveal passwords, credit card numbers or other personal details.

It is also worth noting that advancements in artificial intelligence (AI) have led to a rise in cyberattacks. Since late 2022, there has been a 1,200% surge in phishing attacks.²

Beware of These Red Flags:

Best Practices to Safeguard Against Social Engineering:

Social engineering can take many forms, but its end goal is always to deceive targeted individuals into sharing confidential information.

Enable MFA wherever possible, selecting the strongest available option, as not all offer the same level of protection.
Do not click links or open attachments from unknown or unsolicited sources.
Never disclose passwords, PINs or confidential data via phone, email or messaging without proper verification.
Use verified contact details to reach out to the person or organization requesting information, so you can avoid fraud.
Only permit remote connections to your computer or mobile device in trusted situations and ensure that access is carefully monitored and secured.
Generally, avoid approving MFA requests you did not initiate.

If something feels off, trust your instincts and verify anyone who asks for access. And at BNY, you can always contact Wealth Online Support, where MFA is required, or reach out directly to your relationship team to confirm whether a request is genuine. With these best practices, you should feel empowered in your everyday digital interactions.

_{¹ Deloitte: The Family Office Insights Series – Global Edition, The Family Office Cybersecurity Report, 2024.}

_{² McKinsey & Company: AI is the greatest threat—and defense—in cybersecurity today. Here’s why. May 15, 2025.}

Article | Business Owners

Avoiding Negative Alpha: How Master Custody Helps Preserve Wealth Across Generations

Why operational oversight may matter as much as investment performance over time.

Article | Individuals & Families

Cybersecurity Best Practices

When it comes to personal information, you can’t be too careful. Because we depend on technology to manage many aspects of our daily lives, it’s important to remain vigilant.

Article | Business Owners

The Business of Selling Your Business

Developing an exit strategy well in advance of the sale of your business can make a big difference in the outcome. At BNY Wealth, we understand the personal importance of your business, as it may serve as the primary source of income for you and your family. That’s why preparing for the sale of your business requires careful planning well in advance of the transaction.

Article | Business Owners

What Business Owners Should Know About Estate Taxes

The death of an owner of a closely held business puts enough strain on operations without the added pressure of estate tax liability. In today’s challenging economic environment, forcing liquidity within nine months of an estate event can be detrimental. This may lead to a fire sale of the business or an unfavorable reallocation of resources, harming future growth and cash flow.

The Bank of New York Mellon, DIFC Branch (the “Authorized Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorized Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE.

The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorized by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA.

In the U.K. a number of the services associated with BNY Wealth’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818.

Investment management services are administered by BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, 160 Queen Victoria Street, London EC4V 4LA. Registered in England No. 1118580. Authorised and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Trust Company (Cayman) Ltd.

This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors.

This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such.

BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland.

Trademarks and logos belong to their respective owners.

BNY Wealth conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation. BNY is the corporate name of The Bank of New York Mellon Corporation and may be used to reference the corporation as a whole and/or its various subsidiaries generally.