The Financial Industry Regulatory Authority released a notice on Monday revealing that several broker-dealers have been victims of imposter websites, which are designed to mimic a firm’s actual website with the end goal of committing financial fraud.
An imposter website typically is designed to mimic a firm’s actual website to obtain existing or potential clients’ personally identifiable information or login credentials.
Malicious parties have been targeting member firms regardless of whether those firms have an existing online presence, and in some cases, they have also created email domains and accounts to correspond to the imposter websites.
While this is not a new attack strategy, FINRA said it has observed that the frequency of such attacks on broker-dealers may be increasing.
Firms can take proactive steps to monitor for imposter websites. For example, they may consider registering website URL name variations, such as common misspellings or visually similar character substitutions, and using social media or website monitoring services to watch for imposter websites.
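The Python example below is added here and is not from FINRA's notice. It checks domains from a monitoring feed against a firm's real domain for the variations named above (misspellings and visually similar character substitutions) and, going slightly beyond them, for the same name under a different TLD or the firm name embedded in a longer one. The firm domain, feed entries, look-alike table and two-typo threshold are constructed assumptions, and inputs are assumed to be registered domains in Unicode form.

```python
import unicodedata

# Constructed, non-exhaustive look-alike table; \u04xx are Cyrillic a, e, o, p, c.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "\u0430": "a",
               "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    name = unicodedata.normalize("NFKC", name.lower())
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap neighbours."""
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(candidate, legit, max_typos=2):
    """Return why `candidate` resembles `legit`, or None if it does not."""
    cand, legit = candidate.lower(), legit.lower()
    c_name, l_name = cand.partition(".")[0], legit.partition(".")[0]
    if c_name == l_name:
        return None if cand == legit else "same name, different TLD"
    c_skel, l_skel = skeleton(c_name), skeleton(l_name)
    if c_skel == l_skel:
        return "look-alike characters"
    if edit_distance(c_skel, l_skel) <= max_typos:
        return "misspelling"
    return "firm name embedded" if l_skel in c_skel else None

def review(observed, legit):
    """Map each suspicious domain in `observed` to the reason it was flagged."""
    return {d: why for d in observed if (why := classify(d, legit))}

# Constructed sample: a placeholder firm domain and a made-up registration feed.
FIRM = "examplebrokerage.com"
FEED = ["examp1ebrokerage.com", "exarnplebrokerage.com", "exmaplebrokerage.com",
        "ex\u0430mplebrokerage.com", "examplebrokerage.net",
        "examplebrokerage-login.com", "unrelatedfirm.com", "examplebrokerage.com"]

if __name__ == "__main__":
    print(review(FEED, FIRM))
```

A two-typo threshold suits long names like the placeholder here; for short firm names it will flag unrelated domains and should be lowered.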
If a firm becomes aware of an imposter website through its own monitoring, the services of a vendor, notification from a customer or other source, it can report the attack to local law enforcement, the Federal Bureau of Investigation, and the relevant state’s attorney general. Firms can also notify the Securities and Exchange Commission, FINRA or other securities or financial regulators.
Additionally, running a “WHOIS” search (www.whois.net) on the site can determine the hosting provider and domain name registrar associated with the imposter website (which may be the same organization in some instances). In some cases, this site also provides relevant contact information.
Firms can then submit an abuse report to the hosting provider or the domain registrar asking them to take down the imposter website, or seek the assistance of a cybersecurity specialist attorney or consultant who deals with this type of fraud.