Professional and highly skilled cybercrooks are now focusing their attention on the targets that provide the biggest payoff with the lowest risk. Crooks call them "Candy Stores."
Candy Stores are the most affluent personal targets - higher net worth families, professional advisors, and successful small business owners who not only offer the best payoff to hackers and identity thieves but also provide a gateway to endless other assets.
The crooks are after more than money. Data is the currency of cybercrime, and Candy Stores provide access to a wealth of valuable information that includes personal and corporate secrets, business and social contacts, customer and employee files, and financial and investment information.
For the affluent consumer the worry is also about reputation, retirement, public embarrassment, family, bucket list, partners and business associates, legacy, wasted time, private secrets, business deals.
And while the business of cybercrime is evolving rapidly, almost daily, for the last decade consumer security has changed little. For most consumers, options are limited to a cookie-cutter identity protection service and some antivirus software. That's it. For the more affluent consumers, who are targeted by the more sophisticated attackers, these defenses offer little resistance.
So Why Target Candy Stores?
A Candy Store (their term, not ours) has to fit a number of criteria:
- They have to be either wealthy or at least more affluent than the average consumer.
- They should ideally have information and connections that they wouldn’t want exposed or others to have access to.
- They should have substantial bank accounts, ideally investment and business.
- And should be connected to other similar individuals, through their friends, neighbors, work, charities, political activities etc.
- Candy Stores can include successful small business owners and professionals, physicians, lawyers and law firms, financial advisors, wealth managers, brokers, insurance agents and many other professions.
There are a number of reasons cybercrooks want to target such individuals:
- They tend to have more money to steal and better credit to exploit.
- They tend to have more accounts to protect, from investment accounts to trust accounts, and often don't protect them very well.
- They tend to have more weak links around them, from advisors to employees, who can be used as a back-door.
- They have information that could of high value on the black market, including personal and corporate secrets, business and social contacts, and investment information.
- They can offer a stepping-stone to many other "candy stores" through their business and social connections.
- They can provide a back-door to their own corporate information, especially customer and employee data.
- They're typically much harder to protect and often too busy to focus on security.
- These victims rarely report the crime for fear of embarrassment or harming their reputation.