FINRA Advise Imposter Websites

On Apr. 29, FINRA issued information notice on imposter websites.

  • Member firms notified FINRA that they have been victims of imposter websites,
    sites designed to mimic firm's actual website, goal of committing financial fraud.

Imposter Websites

  • Obtain existing or potential client personally identifiable information (PII), login
    credentials, that website sponsors subsequently use to engage in financial fraud.
  • Have created email domains and accounts to correspond to imposter websites.
  • Not new strategy, but observed increase of frequency of attacks on broker-dealers.

Proactive Steps

  • Registering website URL name variations, common misspellings, visually similar.
  • Using social media, website monitoring services to watch for imposter websites.
  • Report attack to local law enforcement, and FBI internet crime complaint center.
  • Run WHOis search on site to determine hosting provider, domain name registrar.
  • Submit abuse report to hosting provider or domain registrar, ask to take down
    imposter website, keep pressure on the providers with repeated calls or emails.
  • Aid from attorney, cybersecurity specialist, consultant, dealing with this fraud.
  • Notify the SEC, FINRA, or other securities or financial regulators to inform them.
  • Consider posting an alert on own website, send email notification to warn clients.
  • If member of financial services-information sharing, analysis center (FS-ISAC),
    cybersecurity controls organizations, contact to inform, may be able to advise.