4 Essential Cybersecurity Steps to Safeguard Your Capital Calls

Capital calls are a critical process in the private equity and venture capital industries. However, as the financial world becomes more digital, capital calls have become a prime target for cybercriminals seeking to defraud investors and divert funds. Cybercriminals exploit the sensitive nature of these transactions, leveraging sophisticated phishing techniques, email manipulation, and social engineering tactics to trick investors into transferring funds to fraudulent accounts.

At Pinnacle Fund Services, we have witnessed several attempts to infiltrate this process. Our experience has led us to develop best practices to help protect investors from these types of threats. Below, we outline four essential steps to safeguard your capital calls and avoid becoming a victim of fraud:

1. Verify the Email Address
2. Exercise Caution with Links and Attachments
3. Confirm the Capital Call with the Investment Manager
4. Use Call-back Procedures to confirm bank details

1. Verify the Email Address

One of the most common methods used by cybercriminals is email spoofing. This involves creating email addresses that closely mimic legitimate ones, often with just slight differences in spelling or domain names. These subtle changes can easily go unnoticed, especially in high-pressure situations where investors may feel the urgency to complete capital calls promptly.

To protect yourself, it is crucial to always verify the sender’s email address before acting on a capital call request. Pay careful attention to small details like misspellings or variations in the domain name. If you have any doubts, do not hesitate to cross-check the email with previous legitimate communications or directly contact the investment manager using a known contact method to confirm.

An example of spoofing would be changing “[email protected]” to “[email protected]”,  notice the extra ‘l’ in the domain name.

2. Exercise Caution with Links and Attachments

Cybercriminals frequently use links and attachments to deliver malware or lead victims to phishing websites designed to steal personal and financial information. Even if an email appears to come from a familiar source, exercising caution is essential.

Never click on unsolicited links or download attachments without verifying their legitimacy. If you are unsure, refrain from interacting with the email entirely and consult your IT department for assistance. An IT expert can inspect the email for signs of phishing or malware, helping you avoid potentially costly mistakes.

3. Confirm the Capital Call with the Investment Manager

Before transferring any funds as part of a capital call, it is essential to confirm the legitimacy of the request. The best way to do this is by directly contacting the investment manager using a verified phone number—not one listed in the potentially fraudulent email. Confirm the amount of the call, timing of the payment, and bank account information to ensure that everything is accurate.

This simple step can go a long way in preventing fraud. While email is a convenient communication tool, it should never be the sole method for confirming sensitive financial information.

4. Use Call-Back Procedures to Confirm Bank Details

Never rely on an email or attachment alone to verify bank account details. Even if the email appears legitimate, a cybercriminal who has accessed your email could reply with fraudulent information. To combat this, implement a call-back procedure where you verbally confirm the bank account details with the investment manager or administrator over the phone. Make sure to use a known and trusted phone number – not one listed in the email.

This extra verification step ensures that you are sending funds to the correct account while adding an additional layer of security to your capital call process.

Conclusion

Cybersecurity threats targeting capital calls are a growing concern for investors and fund managers. By following these essential precautions, you can reduce the risk of falling victim to attacks and safeguard your capital calls. When in doubt, always err on the side of caution and verify the authenticity of any capital call request before transferring funds.

Maintaining vigilance and taking a proactive approach to cybersecurity is essential for safeguarding your investors and ensuring financial security.

If you have any questions about your capital call process, please contact David Smith at [email protected] or 1-604-559-8921.