- Member firms notified FINRA that they have been victims of imposter websites,
sites designed to mimic firm's actual website, goal of committing financial fraud.
- Obtain existing or potential client personally identifiable information (PII), login
credentials, that website sponsors subsequently use to engage in financial fraud.
- Have created email domains and accounts to correspond to imposter websites.
- Not new strategy, but observed increase of frequency of attacks on broker-dealers.
- Registering website URL name variations, common misspellings, visually similar.
- Using social media, website monitoring services to watch for imposter websites.
- Report attack to local law enforcement, and FBI internet crime complaint center.
- Run WHOis search on site to determine hosting provider, domain name registrar.
- Submit abuse report to hosting provider or domain registrar, ask to take down
imposter website, keep pressure on the providers with repeated calls or emails.
- Aid from attorney, cybersecurity specialist, consultant, dealing with this fraud.
- Notify the SEC, FINRA, or other securities or financial regulators to inform them.
- Consider posting an alert on own website, send email notification to warn clients.
- If member of financial services-information sharing, analysis center (FS-ISAC),
cybersecurity controls organizations, contact to inform, may be able to advise.