What do Smith & Williamson, Fidelity and Rothschild have in common? Apart from all being well known within financial services as investment providers, the answer is all three were recently cloned.
The FCA’s website has posted many warnings in relation to company cloning with as many as 50 instances being reported a month. These include both big and small company names. When the price of Bitcoin surged last year, the number of cloned sites soared as scammers sought to capitalise from the popularity of crypto currencies. Scammers also tend to pick up speed towards the end of the tax year as this is the peak time to buy ISAs.
Pension pots are another lucrative target, with the Pensions Regulator and the Financial Conduct Authority setting up the ScamSmart campaign to help educate individuals against being fooled by scammers. Research by the regulators found that 23% would be prepared to discuss their pension needs if they were cold called.
After setting up a fake website, scammers typically cold call, using slick sales patter to persuade investors to participate in tantalising deals – they also use social media such as Facebook and Instagram to draw people in. They may be seeking smaller amounts from those wanting a new ISA – one scam took the name of Axa Investment Managers but promised a return of 3%, double the existing top rate. Another scam involved using the name of private equity firm Charterhouse to ask investors for £50,000 for access to a fake high-yielding Volkswagen bond. Charterhouse issued a warning earlier this year saying:
“We have had reports of these being found while searching for investment opportunities online, including most recently a fraudulent ‘clone firm’ that claims to sell non-existent Volkswagen AG bonds with a coupon rate of 5.125%”
This was backed up by a warning from the FCA. Some may simply be looking to obtain data, which has a value in itself.
Many might presume that a fraudster cold calling someone would receive short shrift. But people continue to be conned, and the FCA said victims lost around £197 million in 2018, averaging around £29,000 each.
In recent years, the ‘quality’ of cloned websites has improved. Fraudsters will now often ensure that spelling and grammar is correct and choose a convincing and similar name – so smithandwilliamson.com is genuine, while smithandwilliamsononline is not. They may also use the genuine name and FCA registration number on the fake website, along with details of genuine employees. They can buy a phone number that will be based in the UK so callers are put through directly to the scammers.
Those calling may be well spoken and charming – there may be no obvious indication that customers have entered a high pressure ‘boiler room’ situation. Extracting money can take as little as 10 minutes over the phone or can be achieved over a prolonged period, as the scammer builds up a rapport with the individual. Calls have been known to be made over Skype and WhatsApp as well, so that they can control the display number, using ‘spoofing’ techniques to make it appear to be genuine.
Fraudsters pretending to be from banks have reportedly told the customer to check the number displayed on Google so they can see it is ‘authentic’. Large firms may have in-house security specialists that monitor for cloning, but all must be vigilant – Google Alerts, for example, can show if content from a legitimate site is being used elsewhere, while other tools can help provide evidence of plagiarism. If found, the regulator should be informed as soon as possible, and efforts made to have the cloned site shut down.
Those fooled by cloned websites and scam callers lose their money, often with a devastating impact. With cloned companies becoming more sophisticated, financial services must remain vigilant and act fast, to ensure the loss of reputation is kept to a minimum.
Find out what types of metrics you may want to consider measuring as part of a cyber risk programme.