Keep up to date with the trending topics
from our industry experts

Cloned firm attacks – protecting your financial services business

Tuesday, 4 April, 2023

20Q about cloud eBook

Over the last two years, the financial services industry has experienced a significant increase in cyber-attacks and fraudulent activities, including the impersonation of financial services firms. The most common form of such fraud is when the attacker sets up a fake copy of a company’s website and impersonates the business to offer bogus services or scam existing clients.

The UK Financial Conduct Authority (FCA) refers to such frauds as “Cloned Firms.” Fraudsters claim to represent authorised firms, change firms’ contact details on the Financial Services Register to appear genuine, or copy the website of an authorised firm with subtle changes such as the phone number. Vulnerable clients may be directed to the genuine firm’s website through phishing emails or promotions on social media, but the scammer uses different details to correspond with them, potentially generating sales for scammers, diverting revenues, and delivering a substandard copycat product.

What is the impact of cloned firm attacks?

The impact of cloned firm attacks can be significant, both for individuals who fall victim to the scams and for the broader financial system. Some potential impacts of cloned firm attacks include financial losses, damage to reputation, and legal and regulatory consequences for failing to take reasonable steps to mitigate risks. As referenced by the FCA (, both Goldman Sachs and JP Morgan Chase are among many high-profile firms that have fallen victim to such attacks where fraudsters have used their details to create a ‘clone firm’.

Are cloned firm attacks growing?

The threat of cloned firm attacks is growing. In 2022, Lanware noted that 25% of its new clients had previously been a victim of some brand impersonation attack. According to the UK’s fraud reporting centre, Action Fraud, there was a 31% increase in investment scam reports in 2020 compared to the previous year. Similarly, a report by the Financial Ombudsman Service found that complaints related to investment and pension scams increased by 42% in the 2020/2021 financial year.

What does the FCA say about cloned firm attacks?

The FCA warns consumers and businesses to be wary of cloned firms and recommends the following 3 actions to help protect against financial scams:

  1. Check the FCA Register to ensure the firm is authorised and verify the contact details of the firm.
  2. Be wary of unsolicited contact, including emails, phone calls, and social media messages, especially if they are offering investment opportunities or loans.
  3. Be cautious of high-pressure sales tactics or promises of high returns with low risk.

I’m a financial firm, am I at risk and how do I protect myself?

Even small financial firms with a limited web presence are at risk of cloned firm attacks, as Lanware has seen this type of attack on smaller investment boutiques. To effectively protect themselves, businesses must first identify potential areas of attack. This means analysing assets, such as logo/image assets or web domains, to determine the likelihood of fraudulent activity. Once potential risks have been identified, third-party Brand Protection services can be used to perform web crawling and monitoring for brand-related keywords, logos, and phrases, social media monitoring for brand mentions and potential misuse, and domain name monitoring to detect potential cybersquatting, similar domains, and phishing attempts.

If any brand violations are found, the services include response options, such as auto-takedown of domains and adding them to search engine and spam blacklists. By incorporating brand protection into their security and risk management strategies, businesses can proactively protect their assets and customers from potential threats and stay ahead of attackers.


Brand protection is no longer just a concern for big global brands and major online presence. As the FCA warns and advises, “Cloned firms” are among the top tactics used by fraudsters, and all regulated firms should take necessary steps to protect themselves and their investments.

If you would like to learn more about how you can protect your financial services business and adopt the latest brand protection services, please get in touch.

Brand Protection Webinar

Attend the Lanware webinar How to protect your financial services business from cloned firm attacks which will showcase a brand protection platform that enables you to effectively monitor and react to an ever-changing threat landscape.

Our services

Our 4 pillars for a complete choice of managed IT services - all tailored to the needs of financial services firms in London and the UK.

Finance Forward 365 - Microsoft 365 cloud services supported by experts

Finance Forward 365

Microsoft modern workplace & cloud technology for digital transformation.

Compliant Teams -  Microsoft Teams phone system with call recording and archiving

Compliant Teams

Increased productivity & collaboration with call recording whilst reducing costs.
Cyber security solutions for financial services

Cyber Security

Keep your data secured against rapidly changing threats within Financial Services.

Responsive IT managed services for financial services

Power BI

Business Intelligence transformation and support tailored for Financial Services.

Follow us:

Pin It on Pinterest

Share This