Clone Investment Firm & Impersonation Fraud
1. Introduction
The utilisation of online platforms by the financial services industry has significantly transformed the global financial landscape. While these platforms have led to efficiencies in communication between individual investors and investment managers, they have also increased exposure to cyber threats and financial fraud. A well-established example of malicious activity, clone investment firm and impersonation fraud, are receiving fresh attention as fraudsters are capitalising on increased interest in digital assets, such as cryptocurrencies, which have limited to no recourse for the recovery of stolen assets. Clone investment firm and impersonation fraud pose financial and reputational risk to institutional investors and alternative investment managers.
2. How institutional investors can be affected
While the threat of clone investment firms and impersonation fraud primarily pertains to retail investors, institutional investors may also be targeted in more sophisticated ways by attempts to intercede in cash transfer and handling procedures. The rise of artificial intelligence, “deep fake” impersonation, and social engineering add further complexity for investors in determining what is and is not legitimate. The SBAI have published guidance on best practices to be followed in relation to cash handling which can be accessed below.
3. How alternative investment managers can be affected
The threat to alternative investment managers is primarily reputational damage to the firm’s brand and even individuals. Sophisticated clones or impersonations which utilise the likeness of high-profile industry persons can linger in a digital format for extended periods unless direct action is taken to remove such materials. Examples of this new risk include using the likeness of well-known industry persons through ‘deep-fake’ impersonation to promote crypto scams and frauds. This is in addition to traditional frauds whereby legitimate firms have their likeness impersonated via websites and email communication to mislead investors.
4. What should investors and investment managers do to protect themselves?
Investors should exercise caution when dealing with new or unusual communication mechanisms especially when this involves transfer of monies and confirm with the manager when there is any doubt or concern. Perform adequate and effective due diligence of new managers and continue to do so via ongoing monitoring. Report any concerns to the regulatory authorities.
Managers should continue to invest in cyber security training and infrastructure protections to reduce the risk of data loss and impersonation. Managers should purchase relevant website domain names to protect their brand and perform regular screenings to ensure that no fraudulent marketing attempts are being perpetrated.