Staying Ahead of Cyberattacks with MFA

With cyberattacks growing in prevalence, nearly 30% of ultra-high net worth (UHNW) families have fallen victim.

December 23, 2025

Time to Read: 5 minutes

A 2024 report on wealthy families revealed that nearly half (43%) of family offices surveyed around the globe suffered cyberattacks in the two years leading up to its publication.

Of that subset, 93% reported falling victim to phishing and 35% succumbed to malware attacks.¹One of the easiest ways to safeguard against an attack is multi-factor authentication (MFA). MFA significantly reduces the risk of unauthorized access by requiring multiple forms of identification.

How MFA Works (Combination of 2 out of 3)

Depending on the platform, MFA may include a blend of authentication prompts, such as text message (SMS) or voice message, or biometrics, like fingerprints or face scan. It can be deployed across email, bank and social media accounts, as well as online stores and streaming services.

If you don’t see an option for MFA on these applications, you can always reach out to the respective company, asking if they can enable the feature.

Social Engineering and Red Flags

Social engineering is an attempt to manipulate individuals into giving away sensitive information.

Three of today’s most common social engineering attacks are:

Phishing: Attackers use deceptive emails, messages or websites to impersonate trusted individuals or organizations, with the goal of tricking victims into revealing passwords, credit card numbers or personal details.
Remote access scams: Attackers pose as a trusted entity, such as tech support or a service provider, to gain remote control of victims’ computers or devices, allowing them to steal personal information, install malware or demand payment to fix fake issues.
Vishing or Voice Phishing: Scammers pose as trusted organizations, such as banks or government agencies, using phone calls or voice messages to get victims to reveal passwords, credit card numbers or other personal details.

It is also worth noting that advancements in artificial intelligence (AI) have led to a rise in cyberattacks. Since late 2022, there has been a 1,200% surge in phishing attacks.²

Beware of These Red Flags:

Best Practices to Safeguard Against Social Engineering:

Social engineering can take many forms, but its end goal is always to deceive targeted individuals into sharing confidential information.

Enable MFA wherever possible, selecting the strongest available option, as not all offer the same level of protection.
Do not click links or open attachments from unknown or unsolicited sources.
Never disclose passwords, PINs or confidential data via phone, email or messaging without proper verification.
Use verified contact details to reach out to the person or organization requesting information, so you can avoid fraud.
Only permit remote connections to your computer or mobile device in trusted situations and ensure that access is carefully monitored and secured.
Generally, avoid approving MFA requests you did not initiate.

If something feels off, trust your instincts and verify anyone who asks for access. And at BNY, you can always contact Wealth Online Support, where MFA is required, or reach out directly to your relationship team to confirm whether a request is genuine. With these best practices, you should feel empowered in your everyday digital interactions.

_{¹ Deloitte: The Family Office Insights Series – Global Edition, The Family Office Cybersecurity Report, 2024.}

_{² McKinsey & Company: AI is the greatest threat—and defense—in cybersecurity today. Here’s why. May 15, 2025.}

Article | Business Owners

Four Exit Strategies for Private Business Owners

Podcast | Individuals & Families

Policy Breakdown and Opportunities in 2026

Alicia Levine and Dan Clifton on 2026: consumer refunds, deregulation, Fed cuts, tariffs and midterm dynamics—why policy could turn headwinds into tailwinds for growth and earnings.

Article | Business Owners

Four Steps to Prepare Your Business for a Sale

The day will eventually come for most business owners when it’s time to sell the company they spent many years building.

Article | Business Owners

SALT and Strategy—What Wealthy Families Need to Know Now

How SALT deductions and exemptions reshape UHNW estate and tax planning under the One Big Beautiful Bill Act (OBBBA).

The Bank of New York Mellon, DIFC Branch (the “Authorized Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorized Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE.

The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorized by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA.

In the U.K. a number of the services associated with BNY Wealth’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818.

Investment management services are administered by BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, 160 Queen Victoria Street, London EC4V 4LA. Registered in England No. 1118580. Authorised and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Trust Company (Cayman) Ltd.

This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors.

This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such.

BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland.

Trademarks and logos belong to their respective owners.

BNY Wealth conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation. BNY is the corporate name of The Bank of New York Mellon Corporation and may be used to reference the corporation as a whole and/or its various subsidiaries generally.