AI Deepfakes Are a Growing Threat to Financial Advisors
AI Deepfakes Are a Growing Threat to Financial Advisors
Publish Date: 2026-06-03 11:18:00
Source Domain: www.wealthmanagement.com
Using an unordered list, summarize the following article with between 4 and 8 key points. On a set of large screens on both sides of the stage set for a panel discussion at the BNY INSITE Conference, in Aurora, Colo., Paul Caulfield, the chief compliance officer for Insigneo Advisors, appeared and addressed the audience. He began by saying he was not Paul Caulfield.“I am a synthetic version of him. I’m here today to explain that all is indeed not what it seems. Consider this. Consider that I was a synthetic representation of your own high-net-worth client,” the face said. “Better yet, consider that I was a synthetic representation of an ultra-high-net-worth prospect, someone you do not know well enough. How would you react? Would this seem convincing?”Onstage, the real Paul Caufield told audience members he’d made the video in about 15 minutes spread over a day, and he showed it as an example of how easily artificial intelligence can be used to defraud seasoned financial advisors.Related:Cybersecurity Is a Governance IssueCaulfield was joined by Jeff Pollack, the interim global lead for identity and access management at BNY, and Keith Lanton, the president of the New York-based firm Herold & Lantern Investments, who detailed his firm’s experience with a cyberattack earlier this year.While Lanton said the firm was lucky that hackers were not after personally identifiable information and that they were not successful in their goal, he said he quickly “got religion” to make sure the firm’s defenses were more robust than before, as bad actors’ skill and technical tools were only bound to get better.“If you think about the fog of war and what’s going on, we didn’t know that we shut them down when we shut them down. We didn’t know the damage had been limited,” Lanton said. “So I say to each of you in this room, think about what your policies and procedures are. Think about what you would do if suddenly you discovered that something was infiltrated that you didn’t know could be infiltrated—and what you would do about it.”While financial services firms are increasingly using AI tools in cyber protection, hackers are using the same tools to achieve greater cybercriminal success with less time and expense. According to Cyber Magazine, Moody’s warned financial institutions that frontier AI is increasing threats to their businesses, finding that the gap between cyber attacks and the response from victims is widening, and that tools like Anthropic’s Mythos will make the “magnitude and sophistication of attacks” likely to increase.According to Caulfield, many of the biggest recent cyber breaches didn’t concern client funds, but focused on PII and other data, with “terabytes of personal information” exposed for hackers to sell or use. Related:LPL Claims Hackers Accessed Client Accounts Through Advisors’ DevicesIn recent months, financial firms including LPL Financial, Cetera, Ameriprise, Hightower, Edelman Financial Engines, Beacon Pointe Advisors and Mariner have disclosed data breaches to regulators (or been accused in class-action lawsuits of failing to protect clients’ personal data).Lanton noted that in the three decades since he started the firm, the kind of data a firm like his had become far more valuable, and that hackers have known ways to steal it and target clients with it (even using the information in such a way that the theft could never be tracked back to the firm itself). Over time, smaller and mid-sized firms like Lanton’s became attractive targets.“Paul started this out with that video. In order to generate something of that capability, just a few years ago required a tremendous expense, and you wouldn’t utilize that expense unless you were going after a very large benefit,” he said. “Today, because of the advent of tools and technology, you can target, very cheaply, a lot of smaller firms, and there’s a lot better payoff.”For Bob Coppola, the chief technology officer for Sanctuary Wealth, AI-enabled threats were “frightening.” In an earlier panel at INSITE, he warned that cumbersome older threats no longer existed, with phishing increasingly easy to confuse people (and at scale).Related:In Betterment’s Recent Social Engineering Incident, a Reminder To Be Cyber PreparedWhen faced with technology that can fake a client’s voice and face, Caulfield suggested that advisors and clients use a kind of “human PIN code,” such as a private word or phrase the two could share if something in a conversation feels off. For Caulfield, firms need to be able to answer five questions when assessing their preparedness for a cyber incident. First, they need to know who they can or will call in the event of a breach (whether it’s internal or to a cybersecurity provider). Reps must also be able to describe what happened to a subject matter expert, including how bad it is. Firms also need to know when they can recover (or even if they can) from the incident.“And then, number five, how do we not have it happen again?” he said. “Or, how do we make sure that if it happens again, it’s not as painful?”
