Fraudsters
have
donned
the
identities
of
legitimate
US
financial
advisers
in
an
effort
to
gain
the
trust
of
victims,
before
recommending
fraudulent
financial
investments.
According
to threat
intelligence
service
DomainTools,
the
con
artists,
most
of
whom
appear
to
be
located
in
West
Africa,
have
advertised
on
popular
social
media
platforms,
including
TikTok,
using
the
information
of
actual
financial
advisers,
copying
personal
biographical
information
and
work
details.
Their
goal
is
to
gain
the
confidence
of
their
victims
using
messaging
applications
and
email,
and
then
convincing
the
individuals
to
invest
in
fraudulent
cryptocurrency
schemes.
To
date,
the
fraudsters
have
successfully
stolen millions
of
dollars,
according
to
a DomainTools
research
note.
In
the
end,
there
are
two
types
of
victims
in
this
fraud
campaign,
says
Sean
McNee,
CTO
of
DomainTools.
“Obviously
the
first
are
the
consumers
who
are
tricked
into
investing
their
money
—
often
in
the
millions
—
then
losing
it
through
cryptocurrency
and
other
investment
scams,”
he
says.
“The
second
are
the
financial
advisers,
whose
professional
identities
are
being
brazenly
impersonated,
putting
their
reputations
and
credibility
at
stake,
not
only
today
but
for
future
business
relationships
as
well.”
Fraud
strategies
that
exploit
an
existing
relationship
by
stealing
someone’s
identity
or
that
create
a
new
relationship
are
often
the
most
effective
types
of
crime.
Business
email
compromise
(BEC),
for
example,
where
the
cybercriminal
poses
as
a
business
executive
or
a
vendor,
usually
tops
the
list
of
damaging
cybercrimes,
doubling
its
share
of
the
cybercrime
ecosystem
last
year.
The
attacks
also
accounted
for
$2.4
billion
of
the
losses
tallied
by
the
FBI’s
Internet
Crime
Complaint
Center
(IC3)
in
2021,
or
about
a
third
of
the
$6.9
billion
in
losses
tracked
by
the
agency.
DomainTools
also
verified
that
the
fraudsters
seemingly
understood
the
often-impenetrable
subject
of
personal
finance.
“Financial
advisor
impersonation
is
straightforward
conceptually,
but
simplicity
in
subject
belies
complexity
in
practice,”
the
company
stated
in
its
advisory.
“Financial
impersonation
scams
require
careful,
layered
deception
involving
significant
interaction
with
a
target
to
succeed.
To
that
point,
engagements
as
prospective
clients
with
several
financial
advisor
impersonators
suggest
they
possess
a
competent
understanding
of
financial
markets.”
A
Form
of
“Pig
Butchering”
DomainTools
called
the
investment
scam
a
variant
of
“pig
butchering”
—
the
latest
term
for
a
romance
scam
that
essentially
“fattens
up”
a
victim
by
creating
trust
through
a
relationship,
which
then
ends
in
financial
fraud
—
the
“butchering”
part.
The
fraudsters
used
the
identities
of
several
hundred
financial
advisers,
deploying
a
fake
website
on
a
custom
domains
for
each
identity
and
using
known
social
media
networks
to
communicate
with
victims,
DomainTools
stated.
“While
many
of
these
instances
start
through
establishing
a
relationship
—
whether
romantic,
or
just
friendly
—
this
is
the
first
time
we’ve
seen
such
an
extensive
campaign
to
build
trust
with
—
fake
—
professional
financial
advisers,”
McNee
says.
“Through
our
research,
we
were
able
to
ascertain
that
the
threat
actors
impersonating
the
financial
advisers
showed
quite
a
surprisingly
high
level
of
financial
expertise,
and
so
were
convincing
to
their
victims.”
The
details
used
to
impersonate
financial
advisers
appear
to
have
been
scraped
from
regulatory
filings
posted
to
Financial
Industry
Regulatory
Authority’s
(FINRA)
BrokerCheck
and
the
Securities
and
Exchange
Commission’s
(SEC)
Investment
Adviser
Public
Disclosure
sites.
“These
scams
rely
on
slowly
building
trust
with
a
target
—
often
under
the
guise
of
a
financial
advisor
or
successful
investor
—
in
order
to
convince
targets
to
invest
in
a
scam,
such
as
a
cryptocurrency
‘investment,’
in
which
their
funds
are
promptly
stolen
and
rendered
nearly
impossible
to
recover,”
DomainTools
stated
in
its
research
note.
Supported
by
Bulletproof
Hosting
Service
The
campaign
is
not
just
reliant
on
knowledgeable
fraudsters
for
its
success.
The
scam
is
also
supported
by
a
bulletproof
hosting
service
known
as
SpeedHost247,
DomainTools
stated.
Serving
a
wide
variety
of
criminal
enterprises,
bulletproof-hosting
services
are
a
common
cybercriminal
service
that
ignores
requests
for
takedowns,
uses
difficult-to-disrupt
cloud
architectures,
and
accepts
cryptocurrency
to
obscure
financial
transactions.
The
cluster
of
financial
fraud
activities
tracked
by
DomainTools
appears
to
“share
orbits”
with
SpeedHost247,
which
operates
out
of
West
Africa,
the
company’s
researchers
stated.
SpeedHost247
has
donned
the
mantle
of
a
legitimate
service,
showing
office
buildings
and
spaces
on
its
website.
In
reality,
the
images
are
modified
pictures
from
other
companies’
sites,
according
to DomainTools’
analysis.
“Whether
SpeedHost247
is
an
active
participant
in
financial
advisor
impersonation
scams
remains
an
open
question,”
DomainTools
stated
in
the
analysis,
“but
their
seeming
willingness
to
accommodate
dubious
customers
who
are
offering
even
more
dubious
financial
services
using
false
information,
is
reason
for
pause.”
About Author
" title="
