Cybercrime , Fraud Management & Cybercrime , Standards, Regulations & Compliance
'Clone Firm' Fraudsters Stealing Millions From UK Investors
Authorities Warn Investors of Rise in Clone Sites During COVID-19 PandemicIn Britain, the National Crime Agency and Financial Conduct Authority are warning that the number of "clone firm" scams has significantly increased during the COVID-19 pandemic. Over a six-month period, these fraudulent schemes have led to more than 78 million pounds ($107 million) in losses for victims.
See Also: Ransomware Demystified: What Security Analysts Need to Know
A clone firm is a fake entity created by fraudsters that uses the name, address and Firm Reference Number - a unique identifier assigned to every financial or investment firm in the U.K and issued by the Financial Conduct Authority - of a legitimate organization, according to the alert. In some cases, the scammers will clone or spoof the entire website of a legitimate firm.
Once these fake and spoofed websites are created, the fraudsters then send sales and marketing materials to would-be investors that appear to originate from legitimate firms. The scammers also advertise on social media, according to the alert.
The fraudsters use phishing emails and social engineering techniques to lure victims, and their use of the legitimate sales materials gives the scheme a sheen of authenticity. Once a connection is established, the fraudsters attempt to get victims to send money to the cloned firm, the NCA notes.
"Fraudsters use literature and websites that mirror those of legitimate firms, as well as encouraging investors to check the Firm Reference Number on the FCA Register to sound as convincing as possible," says Mark Steward, executive director of enforcement and market oversight for the Financial Conduct Authority. "Last year, we issued alerts in relation to over 1,100 firms including clones, which has more than doubled since 2019."
Reaction to COVID-19
Since the U.K. went into lockdown in March 2020 because of the COVID-19 pandemic, the number of clone firms has been on the rise. The NCA also warns that there has been a significant uptick as British citizens and investors have become increasingly concerned over their finances.
"The ongoing financial impact of COVID-19 may also make people more susceptible to these types of clone scams," the NCA says, adding that a recent study by the Financial Conduct Authority found that 42% of investors report that they are worried about their finances because of the pandemic, and 77% have made or plan to make an investment within the next six months to help improve their financial situation.
The NCA also notes that the average individual loss for these clone firm scams is about 45,000 pounds ($62,000).
Alan Greig, special projects director for Business Resilience International Management, which works with organizations and law enforcement agencies to assess risk, notes that clone firm scams can take advantage of average citizens and experienced investors.
"From my experience, this is about risk and resilience; we must all be wary," Greig says. "Whether you are a sole trader or national business, I would recommend reaching out to your regional police-led Cyber Resilience Center that is focused on sharing guidance and awareness from multiple agencies in the wider fight against crime."
Other investment and financial organizations have also warned about fraudsters that spoof the domains of legitimate firms.
In October 2020, the Financial Industry Regulatory Authority, a private organization that helps U.S. brokerage firms and exchange markets self-regulate, warned its members about phishing emails originating from websites that spoofed its domain (see: FINRA Warns Members of Scams Using Spoofed Domain).