Over the last two years, the financial services industry has experienced a significant increase in cyber-attacks and fraudulent activities, including the impersonation of financial services firms. The most common form of such fraud is when the attacker sets up a fake copy of a company’s website and impersonates the business to offer bogus services or scam existing clients.
The UK Financial Conduct Authority (FCA) refers to such frauds as “Cloned Firms.” Fraudsters claim to represent authorised firms, change firms’ contact details on the Financial Services Register to appear genuine, or copy the website of an authorised firm with subtle changes such as the phone number. Vulnerable clients may be directed to the genuine firm’s website through phishing emails or promotions on social media, but the scammer uses different details to correspond with them, potentially generating sales for scammers, diverting revenues, and delivering a substandard copycat product.
What is the impact of cloned firm attacks?
The impact of cloned firm attacks can be significant, both for individuals who fall victim to the scams and for the broader financial system. Some potential impacts of cloned firm attacks include financial losses, damage to reputation, and legal and regulatory consequences for failing to take reasonable steps to mitigate risks. As referenced by the FCA (www.fca.org.uk/news), both Goldman Sachs and JP Morgan Chase are among many high-profile firms that have fallen victim to such attacks where fraudsters have used their details to create a ‘clone firm’.
Are cloned firm attacks growing?
The threat of cloned firm attacks is growing. In 2022, Lanware noted that 25% of its new clients had previously been a victim of some brand impersonation attack. According to the UK’s fraud reporting centre, Action Fraud, there was a 31% increase in investment scam reports in 2020 compared to the previous year. Similarly, a report by the Financial Ombudsman Service found that complaints related to investment and pension scams increased by 42% in the 2020/2021 financial year.
What does the FCA say about cloned firm attacks?
The FCA warns consumers and businesses to be wary of cloned firms and recommends the following 3 actions to help protect against financial scams:
- Check the FCA Register to ensure the firm is authorised and verify the contact details of the firm.
- Be wary of unsolicited contact, including emails, phone calls, and social media messages, especially if they are offering investment opportunities or loans.
- Be cautious of high-pressure sales tactics or promises of high returns with low risk.
I’m a financial firm, am I at risk and how do I protect myself?
Even small financial firms with a limited web presence are at risk of cloned firm attacks, as Lanware has seen this type of attack on smaller investment boutiques. To effectively protect themselves, businesses must first identify potential areas of attack. This means analysing assets, such as logo/image assets or web domains, to determine the likelihood of fraudulent activity. Once potential risks have been identified, third-party Brand Protection services can be used to perform web crawling and monitoring for brand-related keywords, logos, and phrases, social media monitoring for brand mentions and potential misuse, and domain name monitoring to detect potential cybersquatting, similar domains, and phishing attempts.
If any brand violations are found, the services include response options, such as auto-takedown of domains and adding them to search engine and spam blacklists. By incorporating brand protection into their security and risk management strategies, businesses can proactively protect their assets and customers from potential threats and stay ahead of attackers.
Brand protection is no longer just a concern for big global brands and major online presence. As the FCA warns and advises, “Cloned firms” are among the top tactics used by fraudsters, and all regulated firms should take necessary steps to protect themselves and their investments.
If you would like to learn more about how you can protect your financial services business and adopt the latest brand protection services, please get in touch.
Brand Protection Webinar
Attend the Lanware webinar How to protect your financial services business from cloned firm attacks which will showcase a brand protection platform that enables you to effectively monitor and react to an ever-changing threat landscape.