April 1 comes and goes.

The fake announcements stop.
The office pranks fade away.
Everyone goes back to work.

But scammers don’t pack up and go home.

In fact, this time of year is when they get busier.

Not because advisors are careless.

Because everyone is moving fast.

  • Client meetings.
  • Market updates.
  • Portfolio reviews.
  • Compliance emails.

And when people are busy, something that looks almost normal can slip through.

Not the obvious scams.

The believable ones.

The kind that blend into a regular workday.

Here are three scams we’re seeing right now. Not targeting careless people, but smart professionals who are simply trying to get through their day.

As you read these, ask yourself one question:

Would everyone on my team pause long enough to catch them?

Scam #1: The “Small Payment” Text

Someone on your team gets a text message.

It says:

“You have an unpaid toll balance of $6.99. Pay within 12 hours to avoid late fees.”

It might mention E-ZPass or another toll system.

The amount is small.

Small enough not to feel risky.

They’re between meetings.

So they tap the link, pay the fee, and move on.

Except the link wasn’t real.

The message leads to a fake payment page that captures credit card details and personal data.

This scam has exploded recently. Tens of thousands of complaints have already been reported, and security researchers have uncovered tens of thousands of fake toll websites designed just for this trick.

Some of these messages even reach people in states without toll roads.

Why does it work?

Because six dollars doesn’t feel dangerous.

And most people have driven somewhere recently.

The message feels normal.

The guardrail that helps

Real toll agencies don’t demand payment through a random text message.

Inside well-run businesses, there’s a simple rule:

No payments through text links. Ever.

If something might be real, employees go directly to the official website themselves.

And they never reply to the text — not even “STOP.”

Because responding tells scammers the number is active.

Convenience is the bait.

Process is the protection.

Scam #2: “Your File Is Ready”

This one blends perfectly into an RIA’s normal day.

An employee receives an email saying a file was shared with them.

Maybe it looks like:

  • A DocuSign document
  • A OneDrive or SharePoint file
  • A Google Drive spreadsheet

The sender’s name looks right.

The formatting looks identical to every other notification they receive.

So they click.

The page asks them to log in.

They enter their Microsoft 365 credentials.

Now the attacker has them.

And if those credentials work across your cloud systems — email, files, CRM integrations — the attacker may now have access to your firm’s environment.

This kind of phishing has surged because it hides inside trusted platforms.

Employees are far more likely to click links that appear to come from Microsoft or Google than from random senders.

Some attackers even compromise real accounts and use the platform’s built-in sharing features.

So the email actually comes from legitimate servers.

Your spam filter doesn’t flag it.

Because technically…

…it’s a real notification.

The guardrail that helps

One small habit makes a big difference.

If a file share wasn’t expected, employees don’t click the link in the email.

Instead, they log into the platform directly.

Microsoft 365.
Google Drive.
DocuSign.

If the file is real, it will be waiting there.

Firms can also reduce risk by limiting external sharing permissions and enabling login alerts.

Simple settings.

Huge impact.

Scam #3: The Email That’s Written Too Well

Years ago, phishing emails were easy to spot.

Bad grammar.

Weird formatting.

Suspicious wording.

We told everyone to look for those red flags.

But things have changed.

Today, many phishing emails are written using AI.

They sound calm.

Professional.

Polished.

In one study, AI-generated phishing emails achieved more than four times the click rate of older phishing attempts.

They reference real companies.

Real job titles.

Real workflows.

All scraped from LinkedIn and company websites in seconds.

Some even target specific departments.

Your HR staff might receive employee verification requests.

Your operations team might receive account paperwork.

Your finance team might receive vendor payment updates.

And the email feels completely normal.

Like something that would show up on any Tuesday morning.

The guardrail that helps

Inside healthy firms, there’s one rule everyone understands.

If a message involves:

  • Credentials
  • Payment changes
  • Sensitive client data

…it gets verified through another channel.

A phone call.

A chat message.

A quick walk down the hall.

And when an email creates urgency, the urgency itself becomes the warning sign.

Real security never tries to rush you.

What This Really Comes Down To

All three of these scams rely on the same things:

Familiarity.
Authority.
Timing.

And one simple thought:

“This will only take a second.”

That’s why the real risk isn’t careless employees.

It’s systems that assume everyone will always slow down and make the perfect decision under pressure.

And that’s not realistic.

Especially in a busy advisory firm.

Why This Matters for RIAs

Your team doesn’t just handle office emails.

They handle client information.

Account details.

Financial documents.

And regulators expect firms to protect that data and respond properly if something goes wrong.

Cybersecurity is no longer just an IT issue.

It’s part of running a fiduciary business.

And part of being prepared when regulators come knocking.

Where We Come In

Most advisors I talk to don’t want to become cybersecurity experts.

They don’t want to run phishing training.

They don’t want to manage email security policies.

They just want to know their firm isn’t quietly exposed.

If that thought has crossed your mind lately, we’re happy to have a conversation.

Nothing complicated.

Just a practical discussion about:

  • The kinds of scams RIAs are seeing right now
  • Where risks tend to sneak into everyday workflows
  • Simple ways to protect your firm without slowing your team down

No scare tactics.

No pressure.

Just clarity.

Call us at 865-622-9304 or schedule a quick discovery call.

And if this isn’t something you need right now, feel free to send it to another advisor who might appreciate the heads-up.

Sometimes knowing what to look for is all it takes to turn a “would have clicked” into a “nice try.”