GDFM Combat Clone Managed Service – Raising Your Defences (Part I)
It’s crucial that organisations seeking or managing investment processes consider the damage to brand and reputation through an incidence of cloning. Awareness of what cloning is and how prevalent it has become remains relatively low, despite it already being a significant issue and continues to grow exponentially. Read on to gain a clearer insight on the issues and actions that you can take and how GDFM’s Combat Clone Managed Service can assist. This Managed Service has received expert input from Associate Partners Sarah Peaston and Tony Adams, both drawing on their investor protection backgrounds; Sarah in a regulatory customer protection and Independent Non-Executive Director capacity and Tony in his capacity as the former Head of Investigations and Digital Forensics for the National Cybercrime Unit.
What is Cloning?
Cloning of companies or of individuals’ identities occurs in most cases to commit fraud. From an individual’s perspective, it can manifest itself in a well-known or respected person’s name being used for a scam. The fraudsters use social engineering techniques whereby potential investors are deceived into investing or into divulging confidential and personal information through fraudulent schemes. These schemes often advertise attractive, above market returns on investment.
By associating a reputable person’s identity or a well known company’s name with a scheme, the scam can gain a veneer of credibility designed to entice even the most cautious investors. Cloning fraud initiatives can often be associated with websites, although this is not always the case.
In some occurrences, a prominent individual’s or company’s identity is used, by advertising through a ‘phishing’ email campaign, falsely leveraging their support of the investment offering. In instances such as this, the cloned individual or company may not be aware for a protracted period that they have been associated with the scam. Unless potential investors conduct extensive due diligence on their investment, they can easily be duped into believing that the investment that they are entering into is bona fide.
What Impact Does Cloning Have on Firms and Investors?
Cloning of companies and individuals is an ever-increasing problem which may have gathered additional momentum during the Covid lock-down and the virtual lifestyle this has necessitated.
Certainly, the figures released by Action Fraud (part of the City of London Police) and the National Reporting Centre for Fraud and Cybercrime, indicate a significant rise. They report an increase in clone investment fraud of 29% as the UK went into the first lockdown.
Additionally, a staggering 77% of investors do not know or are unaware what a ‘clone company’ fraud is. The FCA Warning List which has been in place since 2000, has around 7,000 entries. Up to May 2021 the FCA has issued around 630 warnings of cloning activity which is already over a 100% rise on the 2020 figures. On average, victims have been scammed out of £45,000 on reported cases.
The total reported losses during 2020 from cloned company fraud was an astonishing £78 million. This is very likely to be the tip of the iceberg as even in the event that investors become aware of the fraud, they may feel embarrassed that they have been duped and choose not to report the fraud.
Common Cloning Techniques
Fraudsters commonly create a website that has a remarkably close resemblance to an existing legitimate website. Often this is achieved by changing a small detail in the website address by amending or inserting characters. An example of this could be ‘anassetmanagerplc.com’ as opposed to ‘anassetrnanagerplc.com’. In this example the ‘m’ of manager has been replaced with a ‘r’ and ‘n’ to imitate the letter ‘m’.
The fraudsters copy the content of the existing, legitimate website and include this detail in the cloned version. This gives the cloned version the appearance of the original website. Criminals frequently can go as far as researching the original company at Companies House and including all the available material to provide credibility to the clone site. The link to the cloned website will typically be included on ‘phishing’ emails.
Sophisticated scams even suggest to investors to conduct their own due diligence, providing links to the regulator website, to falsely leverage the legitimate company being cloned entry on the Financial Services Register. Once the investor is reassured by the reputation of the genuine company they are more likely to click on the link in the ‘phishing’ email and enter into communication with the fraudsters.
Again, this will involve quite convincing social engineering with the ultimate goal of the investor parting with their funds to the fraudsters who, as part of the process, will supply banking details. Once the funds are deposited by the investor, they will very quickly be moved from this account and are likely to be moved many times to ‘cloud’ the money trail, eventually being realised through some form of money laundering.
A Potentially Long Running Fraud
The social engineering can continue with documentary evidence of the investment being supplied to the investor. This extension of the fraud may seem unnecessary because the fraudsters already have the investor’s funds.
However, in doing so, the fraudsters can ‘extend’ the longevity of the fraud. This means that the existing infrastructure of domains, phishing campaigns and bank account/s can be further utilised for a defined period. Dependent on the type of investment, the investor may not realise that they have been subject to a fraud until much later for example when they realise that they have not received expected communication or the promised return on investment.
Victims and Impact
The different types of cloning have similar victims and impacts. At one end of the spectrum are the investors seeking to maximise their hard-earned savings or business investments. These groups will always suffer losses to successful cloning scams which for some, can be devastating.
On the other side of the scam, the legitimate companies that have been cloned also suffer lost opportunity, as funds that investors were expecting to invest are de-routed from their legitimate business, and longer term are likely to have lost potential investors’ confidence. This effectively doubles the impact of the scam. As if this situation was not bad enough for the legitimate companies, they have the often intangible cost of mitigating the damage caused to their reputation and the remediation requirements. This may include engagement with legal services, the regulator and law enforcement as well as a tedious campaign to dissociate themselves from the scam.
The process of trying to recover from a cloning incident can be an uphill battle. Notification to the Authorities is likely to result in the details of the legitimate company and the clone company being added to the Warning Lists, potentially deterring potential investors.
This situation can be amplified when the incident attracts media attention or online forum commentary. Allegations of wrongdoing can remain unseen by the legitimate company for a period of time; or where relevant, share prices can suffer before the company has had the opportunity to proactively address the issue.
The damage to a company’s or individual’s reputation cannot be easily quantified and can impact on the trust and confidence issues associated with anyone seeking to invest.