Just days after warning about a new impostor FINRA website that has an extra "n" in its domain name, the broker-dealer regulator warned that malicious actors are also setting up impostor websites using registered reps' names.
Several broker-dealers have recently informed the Financial Industry Regulatory Authority about malicious actors who use reps' names and other information to establish websites that appear to be the reps' personal sites "and are also calling and directing potential customers" to use the fake sites.
Impostors may be using these sites to collect personal information from the potential customers with the likely end goal of committing financial fraud, FINRA said in a Regulatory Notice.
Common features of the impostor sites include:
using the registered rep's name as the domain name for the website (e.g., firstnamemiddlenamelastname.com);
including a picture purporting to be the registered rep;
providing information about the registered rep's employment history, including prior employers' CRD numbers and exam history; and
asking individuals to fill out a contact form with the individuals' names, email addresses, phone numbers, the subject of the inquiry and space for a message.
Some of the sites also contain poor grammar, misspellings, odd or awkward phrasings or incorrect usage of financial services terminology, FINRA said.
Malicious actors could leverage the domains to send fake emails that purport to be from the registered rep and may include phishing links or attachments containing malware, FINRA warned.
FINRA advised firms and reps to take steps to identify the impostor pages by conducting periodic web searches using registered reps' names.
Some search engines also allow users to create alerts that automatically search for defined terms (e.g., a registered representative's name) and inform the user of new activity.
Besides contacting FINRA and the Securities and Exchange Commission about impostor sites, FINRA suggested these other steps:
Report the attack to the nearest Federal Bureau of Investigation field office or the FBI's Internet Crime Complaint Center, and the relevant state's Attorney General via their websites or, if possible, a phone call.
Run a "WHOis" search (www.whois.net) on the site to determine the hosting provider and domain name registrar associated with the impostor website (which may be the same organization in some instances). In some cases, this site also provides relevant contact information.
Submit an abuse report to the hosting provider or the domain registrar asking them to take down the impostor website. Continue to engage with the providers by phone or email until the matter is resolved.
Seek the assistance of a cybersecurity specialist, attorney or consultant who has experience with this type of fraud.
Consider posting an alert about the impostor website and the associated URL on your website, notifying registered reps and alerting clients — especially those of the registered rep whose name is being misused — to the impostor website and also warning them not to open emails from that domain name.
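As an added illustration of the WHOIS and abuse-report steps above (not code from FINRA or from this article), the following Python example parses raw WHOIS text and drafts the takedown request for the registrar. The sample record, the domain janeqpublic.example and the rep name are constructed, and the field labels assume the common gTLD WHOIS layout, which individual registries may vary.

```python
import re

# Constructed WHOIS output for a hypothetical impostor domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: JANEQPUBLIC.EXAMPLE
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Creation Date: 2021-02-01T10:15:00Z
Name Server: NS1.HOSTING.EXAMPLE
Name Server: NS2.HOSTING.EXAMPLE
>>> Last update of whois database: 2021-02-10T00:00:00Z <<<
"""

FIELDS = {  # WHOIS label (lowercased) -> key in the parsed record
    "domain name": "domain",
    "registrar": "registrar",
    "registrar abuse contact email": "abuse_email",
    "registrar abuse contact phone": "abuse_phone",
    "creation date": "created",
}

def parse_whois(text):
    """Extract the fields an abuse report needs from raw WHOIS text."""
    info = {"name_servers": []}
    for line in text.splitlines():
        m = re.match(r"\s*([^:>]+?)\s*:\s*(.+?)\s*$", line)
        if not m:
            continue  # banner, footer or blank line
        label, value = m.group(1).lower(), m.group(2)
        if label == "name server":
            info["name_servers"].append(value.lower())
        elif label in FIELDS:
            info.setdefault(FIELDS[label], value)  # first occurrence wins
    return info

def abuse_report(info, rep_name):
    """Draft a takedown request addressed to the registrar's abuse desk."""
    missing = [k for k in ("domain", "registrar", "abuse_email") if k not in info]
    if missing:
        raise ValueError("WHOIS record lacks: " + ", ".join(missing))
    domain = info["domain"].lower()
    return (
        f"To: {info['abuse_email']}\nSubject: Impostor website {domain}\n\n"
        f"{domain}, registered through {info['registrar']} on "
        f"{info.get('created', 'an unknown date')}, impersonates registered "
        f"representative {rep_name}. Please take the site down.\n"
        f"Name servers: {', '.join(info['name_servers']) or 'none listed'}\n"
    )
```

Name servers only hint at the DNS or hosting provider; a WHOIS lookup on the site's IP address shows the network that actually hosts it.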