While impersonation scams are certainly not new, there are surprising new variants every day. In a February 2021 report, FINRA observed an increase in cyber-related incidents, including fraudsters creating fake websites using the names and professional details of actual industry professionals (who have no connection to the imposter sites). And more recently, the FBI and Securities and Exchange Commission issued a warning to investors about this problem.
Impersonation is one of the oldest scams, but it can be difficult to spot unless you know what you’re looking for. Here are two patterns to be aware of and six tips to help spot the fakes.
The fraudsters behind broker imposter websites take the name and other publicly available professional details about a registered investment professional and use this information to establish a fraudulent website. The fraudsters then call and direct potential customers to the imposter websites. Their likely goal is to mimic a legitimate website to obtain existing or potential clients’ personal information or login credentials.
Investors should look for the typical mistakes, such as poor grammar, misspellings, odd or awkward phrasings, or misuse of investor terminology. In addition to these, investors should be on the lookout for websites using the registered representative’s name as the domain name for the website (e.g., firstnamemiddlenamelastname.com).
Another type of broker imposter scheme involved an unregistered individual impersonating a registered investment professional to lure in potential investors. In this instance, the scammer created a fake version of a public FINRA BrokerCheck® report of a legitimate broker—picking an experienced broker with a spotless regulatory record.
The doctored BrokerCheck report was emailed to potential “clients” using the name and CRD number of a registered investment professional—but with a company that is not registered as a broker-dealer with FINRA. The solicitation included other documentation and a request for investors to respond with a photo of their driver’s license and other personal information.
Here are some of the red flags we spotted on the doctored report:
To keep your money and personal information safe from these types of scams, take these six tips to heart.
1. Go to the source. FINRA encourages investors to "ask and check" by using BrokerCheck before investing with an investment professional. Don’t assume that the information you receive is legitimate. Go directly to the sources that collect the regulatory information to produce these reports, including FINRA’s BrokerCheck, the SEC’s Investment Adviser Public Disclosure, and state registration databases. You can search both professionals and firms not only by name, but also by their registration number—known as a CRD number.
2. Look for things that appear out of place. Compare whatever BrokerCheck report or other documentation you receive from an individual or firm soliciting your business with the real reports you obtain yourself from BrokerCheck or the sources above. Be wary of typos, and look for differences in the reports. For instance, in a recent scam, the doctored information was in fonts that were different from fonts used in other parts of the report, items appeared to be pasted into the document, and the state of the branch office address was not included in the list of states where the individual was licensed.
3. Verify information with an internet search. Take a few moments to use a common search engine to type in the name of the individual who is soliciting your business and the firm name, and see what comes up. Does it match the information provided to you, including the contact information? If something doesn’t look right, do a little more digging, including a map search on the address or a reverse lookup on the phone number. Be sure to check all this information against a reliable source such as BrokerCheck, where you can verify whether the phone number or website listed in the firm’s Client Relationship Summary (Form CRS) matches. When scanning LinkedIn profiles, be aware that scammers often copy select information from a registered person’s LinkedIn profile to create the appearance of legitimacy.
4. Do not send money or personal information without verifying the recipient. Don’t ever send money or personal information, such as your driver’s license, passport, social security number, date of birth, or bank account information, until you verify who contacted you.
5. Beware of the use of personal contact information. Sometimes a scammer will ask you to send money or personal information to a personal (rather than a firm’s) email address or to respond to phone numbers that are not listed as official firm contacts. One general rule all investors should follow: if you invest through an account at a financial firm, use BrokerCheck to verify that the firm is registered and send all deposits directly to the financial firm. If an individual pitches an investment opportunity that requires you to write a check directly to him or to a third party, proceed with caution.
6. Be alert to the red flags of fraud. Be cautious of guarantees, unregistered products, overly consistent or high returns, complex strategies, missing documentation, account discrepancies and pushy salespeople. The vast majority of investment professionals are trustworthy individuals, but there are always exceptions who might look to take advantage of your trust. Practice spotting the persuasion tactics that con artists use, and always exercise healthy skepticism. For instance, be wary of sales pitches that make exaggerated claims about performance. This is a red flag of fraud.
If you are suspicious about information you receive from an individual or firm soliciting your business, contact FINRA or another regulator BEFORE you send any personal or financial information. If you are an investment professional and have concerns that someone is using your name or information as part of a potential scam, contact your firm’s compliance department, and alert FINRA by calling our BrokerCheck hotline at (800) 289-9999, or emailing [email protected].