FBI Warns of Criminals Impersonating Advisers and Brokers

Publish Date


Cyber Alert


  • Cybersecurity

The FBI has warned of recent criminal activity in which threat actors impersonate advisers and brokers online.  

In a sophisticated scheme, threat actors search publicly available online information from websites that list names, registration numbers, and permissions for registered advisors and brokers. They gather credential information, build websites that impersonate these brokers and advisors, and use these sites to scam individual clients of their funds.  

The scheme was discovered when scammed clients complained to the real firms that were spoofed. Reverse image searches enabled investigators to trace back and identify the fraudulent scheme.  

Efforts are being made to take down the identified fraudulent sites, though delays are likely due to the need to present a required degree of evidence of copyright infringement to enable the forced removal of the illicit content.  

ACA guidance 

The FBI report indicates the need for all firms to include searching for illicit use of company or employee names as part of threat identification. As such: 

  • Conduct regular and automated reviews of for publicly harvestable information on the firm available on the internet.  
  • Conduct IP reputation tests, in which DNS blocklists are analyzed for the presence of IP addresses belonging to the firm (indicating that someone may be spoofing the firm and may have been subsequently blocked) 
  • Search for typojacking of the firm’s name (using close approximations of the firm’s name to deceive)  

Additionally, ACA Aponix recommends that firms follow the reactions for financial service partners suggested in the FBI report, including: 

  • Routinely conduct online searches of firm and colleague names to quickly detect impersonation attempts (and to warn clients if these attempts are located). 
  • Create alarms when automated searches find websites using the “firstnamelastname” format for their advisors and brokers (as this method of frequently being used by perpetrators). 
  • If spoofed, conduct reverse image searches on images in use in the false websites, to locate other impersonation attempts. 
  • Notify the FBI private sector coordinator of any located fraudulent impersonation attempts. 

How we help 

ACA Aponix provides monitoring services as part of the Aponix Protect program. These include the reviews of publicly harvestable information, IP reputation tests, and typojacking searches described in the guidance section of this alert.