On July 27, 2021, the U.S. Securities and Exchange Commission (SEC) issued an Investor Alert to warn members of the financial services industry about fraudsters posing as brokers or investment advisors. These malicious actors have been pretending they are registered with the SEC, FINRA, or state regulators to scam clients.
The SEC identified several tactics fraudsters use during their scams:
- Spoofed Websites: Fraudsters set up fake websites that closely resemble real ones in order to seem more legitimate.
- Fake Social Media Profiles: Fraudsters establish fake profiles on Facebook, LinkedIn, and other sites to conduct social engineering on clients and trick them into giving up information or assets.
- Cold Calling: Fraudsters call investors to solicit money, and sometimes use software to make their calls appear as if they are coming from legitimate organizations.
- Falsifying Documents: Fraudsters present falsified documents to convince clients they are registered with the SEC. They may copy and slightly alter documents from a real registered organization.
The SEC states that most brokers must register with the SEC and join FINRA. You should confirm whether someone who is offering you an investment is currently licensed or registered, which you can do by visiting investor.gov. You should also only contact investors using independently verified contact information, such as that obtained directly from the organization’s official website.
There are a few red flags the SEC listed that you can look out for to avoid these types of scams:
- Guaranteed High Investment Returns: Every investment has risk, and high return potential usually equals high risk. Anyone guaranteeing high returns is likely a fraudster.
- Unsolicited Offers: If an investment offer comes out of the blue and seems too good to be true, it likely is.
- Credit Cards: Customers usually shouldn’t be able to use credit cards to invest, so be wary if that’s presented as an option.
- Digital Asset Wallets and Cryptocurrencies: Be wary if you’re being required to use a digital wallet service such as Venmo or cryptocurrency like Bitcoin to invest.
- Wire Transfers and Checks: Always verify every part of paying by wire transfer or check, including vetting the person or firm you’re sending to, the address, and the purpose of the payment.
How BW Cyber Services Can Help
One of the many services BW Cyber Services can offer your organization is simulated phishing campaigns. We can train your users to look out for all of the indicators of a fraudulent e-mail, such as a typosquatted domain or a hyperlink whose destination differs from its hover text. During these campaigns we collect metrics on which users clicked links in these e-mails or submitted credentials, actions that could lead to compromise of your organization’s environment in a real attack. We can also assess the risks in your organization, review your response plans, conduct penetration testing, and more to meet your cybersecurity needs. For more information on how BW Cyber Services can assist you, please contact us at firstname.lastname@example.org.