FINRA Advise Imposter Websites

• Member firms notified FINRA that they have been victims of imposter websites,
  sites designed to mimic firm's actual website, goal of committing financial fraud.

Imposter Websites

• Obtain existing or potential client personally identifiable information (PII), login
  credentials, that website sponsors subsequently use to engage in financial fraud.
• Have created email domains and accounts to correspond to imposter websites.
• Not new strategy, but observed increase of frequency of attacks on broker-dealers.

Proactive Steps

• Registering website URL name variations, common misspellings, visually similar.
• Using social media, website monitoring services to watch for imposter websites.
• Report attack to local law enforcement, and FBI internet crime complaint center.
• Run WHOis search on site to determine hosting provider, domain name registrar.
• Submit abuse report to hosting provider or domain registrar, ask to take down
  imposter website, keep pressure on the providers with repeated calls or emails.
• Aid from attorney, cybersecurity specialist, consultant, dealing with this fraud.
• Notify the SEC, FINRA, or other securities or financial regulators to inform them.
• Consider posting an alert on own website, send email notification to warn clients.
• If member of financial services-information sharing, analysis center (FS-ISAC),
  cybersecurity controls organizations, contact to inform, may be able to advise.