The Holiday Scam That Could Destroy Your Financial Advisory Firm (And How Salt Lake City Advisors Can Stay Secure)

Last December, a portfolio manager at a boutique wealth management firm in Salt Lake City received a text that seemed to come directly from the firm’s founding partner: "Need $2,000 in Visa gift cards for top clients. Email codes immediately."

Holiday chaos, client deadlines, and year-end tax planning had the team stretched thin. The manager complied without hesitation. Hours later, they realized they’d been scammed—and the breach triggered a full-blown internal audit.

But that scam was minor compared to what happened to an advisory firm in California, where an advisor received what appeared to be internal emails about client disbursements. Everything looked legitimate—except the money was wired to fraudsters. That single mistake cost them $3.1 million in client assets and nearly torched their firm’s reputation.

If you think your Salt Lake City firm is too small or too smart to be targeted, think again. According to FINRA, over 70% of cybersecurity incidents in the financial services sector in 2024 stemmed from phishing and business email compromise (BEC). And the holidays? They’re prime time for these attacks.

5 Holiday Scams Every Salt Lake City Financial Advisor Must Watch For

  1. "Your Partner Needs Gift Cards" (The $2,000 Trap)

The Scam: Fraudsters impersonate firm leadership and pressure employees into buying gift cards for "client gifts" or "appreciation campaigns." In the financial sector, these scams often target administrative staff during the end-of-year gift-giving season.

Prevention: Create a strict internal policy that no gift card purchases are allowed without a signed internal form and verbal confirmation. Make it clear that leadership will never request gift cards over text or email.

  2. Wire Transfer Phishing (The Silent Firm Killer)

The Scam: Hackers insert themselves into ongoing email threads between advisors and custodians or vendors, subtly altering wiring instructions. These social engineering attacks are sophisticated, especially around year-end disbursements.

Prevention: Any wiring or payment changes over $5,000 must be verbally confirmed using a number already on file. Implement a two-person approval process for all outgoing transfers.

  3. Fake SEC or Custodian Notices

The Scam: You receive an email pretending to be from the SEC, FINRA, or your custodian, stating a compliance audit or urgent disclosure is due. The link installs spyware or ransomware.

Prevention: Never click links in emails claiming to be from regulators. Log into your portals directly. Train your staff to recognize these red flags and report them immediately.

  4. Malicious "Holiday Party Schedule" Attachments

The Scam: A seemingly harmless attachment titled "Holiday_Schedule.pdf" is actually malware disguised as a staff calendar or invite.

Prevention: Disable all macros by default, use email filters to scan attachments, and verify unknown files with your IT team. If it looks odd, don’t open it.

  5. Bogus Year-End Charity Campaigns

The Scam: Fraudsters send phishing emails pretending to be from internal staff running a "charity match" or "firm-wide giving campaign."

Prevention: Distribute an internal list of verified charitable campaigns. No donations should be made unless processed through known, secure platforms.

Why These Scams Work So Well (And What Salt Lake Firms Can Do Differently)

The very technology that helps your advisory firm serve clients—email, CRMs, cloud planning software, and digital paperwork—is exactly what cybercriminals exploit. These aren’t low-level scams. These are targeted, researched attacks tailored for the financial services industry.

In fact, the SEC now requires all registered investment advisors to demonstrate a cybersecurity protocol. But most small-to-mid-sized firms in Salt Lake City? They’re barely compliant.

Firms that run regular phishing simulations reduce their cyber risk by up to 60%.

Multifactor Authentication (MFA) blocks over 99% of account hacks—yet many firms still rely on single-password access for email and client portals.

Your Holiday Cybersecurity Checklist (Salt Lake Edition)

The Two-Person Rule

Every transaction or client disbursement over your risk threshold (typically $5,000) must be verified and approved by two team members through separate channels.

Gift Card Policy

Create a clear, written firm-wide policy that prohibits any gift card requests via text or email. All purchases must go through secure, verified workflows.

Vendor Verification

Never update vendor banking details without confirming over the phone using a known contact number. Never trust the number listed in the email.

Multifactor Authentication

Turn on MFA across every login: email, cloud planning software, CRM, and especially anything client-facing.

Holiday Awareness Training

Host a 15-minute all-hands meeting outlining these five scams. Use real-world examples from within the financial advisory industry to make it resonate.

The Real Cost of a Holiday Breach for Financial Advisors

Orion S.A.'s $60 million wire fraud made global headlines, but here in Salt Lake City, the ripple effects of even a minor breach can be catastrophic:

  • Advisors pulled off client-facing duties during year-end review season
  • Data loss or exposure triggering state and federal breach disclosures
  • Compliance scrutiny and higher cyber insurance premiums
  • Loss of client trust at the worst possible time

The average cybersecurity incident in a small advisory firm costs $141,000 according to the SEC. That’s not including reputation damage or regulatory fines.

Protect Your Firm, Protect Your Clients

The holiday season should be a time to reflect on growth and prepare for a new year—not scramble to recover from a cyberattack. The good news? Most attacks can be stopped with a handful of smart protections and a proactive IT partner.

At Qual IT, we specialize in supporting financial advisors across Salt Lake City with compliance-first managed IT services, including:

  • Financial industry cybersecurity protocols
  • SEC/FINRA compliance readiness
  • Secure cloud migration & CRM integration
  • 24/7 helpdesk for critical issues (yes, even during the holidays)

Don’t wait until something breaks. Let us help you secure your advisory firm before it costs you everything.

Because the best gift you can give your business this season is peace of mind.