Written by Camilla Cater
Director and Senior Consultant
If we talk about the Attack of the Clones – for some, it may conjure up high-budget battle sequences set in a galaxy far, far away – but back here on Earth, it seems to be the virtual fight we just can’t win.
At the start of 2021, the FCA published a stark warning to the public about the proliferation of clone firm investment scams; fake investment firms set up by scammers to dupe consumers in parting with their money through the fraudulent use of a legitimate regulated entity’s identifying information, e.g. name, address or even their FCA ‘Firm Reference Number’.
It was revealed that from March 2020 to April 2020 the overall number of these scams rose a staggering 29% and during the 2020 calendar year over £78 million was stolen from consumers targeted by such scams.
Furthermore, it’s not just the more well-known companies that have been scammed. Smaller firms have also been victims.
The rise of such investment scams will likely not come as a shock; not least, because over the last year regulators have continued to beat the drum of cyber resilience and continuously reiterated the need for firms to ensure that cyber controls are effective, and that employees remain vigilant to potential threat.
Yet, clone firms raise the issue that we need to consider the threat of overlap as much as divergence. Where possible preventative measures, such as identifying firms sharing similar domain names, regulatory reference numbers or addresses, should be embedded into the current cyber threat and vulnerability framework.
And whilst we have seen positive moves from regulators proactively identifying clone firms and publicly blacklisting them; for investment firms that fall victim to the cloning process it is a reputational risk that requires swift action. Notification to relevant regulators, police and fraud agencies are key to raising awareness as well as posting disclosures on their legitimate website and contacting domain hosts to share concerns are all recommended actions to stop these clones taking over.
But prevention is undoubtedly better than cure, and awareness through cyber training has a huge role to play to that end – click here to find out more about our suite of CPD-certified Cyber Security online training courses for UK Investment Firms.