Imposter scams can take many forms, and there are new variants every day. In investment-related imposter schemes, a common thread is that scammers misuse the name of real registered investment professionals or firms to create the appearance of legitimacy. Imposter schemes rely on a tactic known as source credibility—building trust by claiming to be properly registered and employed by a well-known firm—and they can be alarmingly convincing.
Below are some of the imposter tactics scammers have used to target investors and tips to protect against imposter scams.
Imposters on Social Media
Imposter scams can start with bad actors who pose as registered investment professionals or other financial experts or who advertise “stock investment groups”—also called “investment clubs”—on various social media channels. These bad actors often direct investors to encrypted group chats on messaging applications such as WhatsApp or Telegram.
In these scams, imposters might pitch investment opportunities in stocks and crypto assets. They might also provide “investment education” or “daily trading signals” promoting unrealistic rates of return. Other group members who appear to be successful investors sharing screenshots of their investment returns might actually be accomplices attempting to reinforce the scheme’s credibility.
Imposter Websites
Bad actors behind imposter websites often take the name and other publicly available details about a registered investment professional and use this information to establish a fraudulent website. These scammers then direct potential investors to the imposter sites. One goal is to obtain investors’ personal information or login and account credentials. In some cases, scammers will lure investors into making deposits into fake—but official-seeming—accounts to steal their funds.
Sample imposter webpage design
Imposter Documents
Bad actors behind imposter scams might also use false registration documents to appear legitimate to potential investors. For example, the scammer might create a fake version of a public FINRA BrokerCheck report using the name and credentials of a legitimate registered investment professional, often someone with extensive experience and a spotless regulatory record. The scammer might then send the fake report to potential investors, using the name and registration number (known as a CRD number) of the registered investment professional but associating them with a company that isn’t registered as a broker-dealer with FINRA. Or scammers might provide links to legitimate BrokerCheck profiles while impersonating the registered investment professional. In most cases, the real professional isn’t aware their identity is being misused.
Even when directing investors to legitimate BrokerCheck information, scammers might communicate through unofficial channels such as personal email addresses, social media accounts, encrypted messaging apps, or links from imposter websites or mobile apps rather than through a firm’s official contact methods. The solicitation might include a request for investors to respond with a photo of their driver’s license and other personal information.
Some scammers create fraudulent credentials that claim to be issued by FINRA, the U.S. Securities and Exchange Commission (SEC) or other regulators to try to appear legitimate. They might embed fake certificates into their website or send them directly to investors through encrypted messaging platforms. Though these certificates might look authentic, FINRA, the SEC and other securities regulators don’t issue certificates to firms or professionals.
Sample of a fraudulent certificate
Fraudulent Apps
Scammers might also take advantage of the evolving world of trading securities and crypto assets via mobile investing apps, offering fraudulent investment opportunities in which they impersonate registered firms or mimicking legitimate crypto asset trading platforms while actually sending deposits directly to the scammer. A fraudulent app might include an established firm’s name, logo and branding with slight changes, such as adding “Pro,” “Exchange” or “Global” to the firm’s name, and might also say that the app is linked to a particular registered firm.
These apps are often promoted through imposter websites with prominent download links but might also be available through legitimate app stores. Signs of fraudulent apps might include a developer name that doesn’t match the name of the firm, an image that doesn’t align with a trading app, an app name that repeatedly changes, or a small number of reviews with a perfect or near-perfect rating.
To further add credibility, scammers might pay press release distribution services to publish announcements about their apps. Though they appear in news feeds and on financial websites, these are paid advertisements, not independently verified journalism. The intent is to create a false sense of trust with a target for the sole purpose of eventually draining that person’s wallet.
Imposter apps might offer “trial periods” with promises of gains, then pressure you to deposit crypto assets. When you try to withdraw assets, the app will likely block you and demand additional deposits for “taxes,” “fees” or “regulatory requirements.” Legitimate firms don’t offer trial periods, guarantee returns, or block withdrawals and require additional payments to access your funds.
Tips to Help Protect You Against Imposter Scams
Here are six tips to help keep your money and personal information safe from these types of scams:
1. Watch for red flags of fraud. Guarantees, unregistered products, overly consistent or high returns, complex strategies, missing documentation, account discrepancies, secrecy and pushy salespeople are all cause for concern. Practice spotting persuasion tactics that scammers use, and always exercise healthy skepticism. Be particularly wary of investment solicitations you weren’t looking for, especially those that come through unofficial or unexpected channels, or asks to download mobile apps or provide personal information.
2. Go to the source. Don’t assume that information you receive from a supposed investment professional is legitimate. Before investing, research both professionals and firms by going directly to the sources that collect regulatory information, including FINRA’s BrokerCheck and the SEC’s Investment Adviser Public Disclosure database, and contact your state regulator.
Be aware that certain categories of investment advisers can appear in these databases but are subject to more limited reporting obligations, such as exempt reporting advisers (ERAs). However, ERAs typically only manage portfolios of private funds—not those of retail investors. If someone claiming to be from an ERA is soliciting you directly, consider that a red flag.
Compare documentation you received with reports you obtain yourself, looking for inconsistencies such as a slightly different firm name or location. Verify whether the phone number or website provided to you match what’s listed in the firm’s Client Relationship Summary (Form CRS), and look for independent signs that a firm is actively operating.
3. Verify contact information. See what comes up in a search online for the names of the individual and firm soliciting your business. Does it match the information provided to you, including the contact details? If something doesn’t look right, do a little more digging, including a map search on the address or a reverse lookup on the phone number. Call the financial institution using a phone number on their Form CRS or their public website—not the number that’s been provided in the suspect solicitation—to verify the legitimacy of the professional and the investment. If you’ve been given an individual’s name, ask to speak with them directly to confirm their involvement. If a firm references other financial institutions, service providers or business relationships, confirm those connections directly with the organizations involved.
4. Look for things that appear out of place. Be alert for typos, poor grammar, misspellings, odd or awkward phrasings, or misuse of investment terminology. Scammers might use URLs or email addresses that initially appear correct but on closer inspection reveal substituted characters, such as the numeral 1 in place of the letter l. And websites using the registered representative’s name as the domain name (e.g., firstnamemiddlenamelastname.com) or different fonts within a document could indicate doctored information.
Keep in mind, though, that a polished appearance doesn’t mean a communication is legitimate. Many bad actors now use AI-generated content and professional website design to make their scams seem convincing. Check to see if the details provided on the website or documents, including a company’s dates and locations of operation, match information you’ve been given.
5. Confirm product legitimacy. Clarify the type of product you’re purchasing and type of financial institution you’re working with since not all financial institutions are registered to sell all products. For example, broker-dealer firms that sell securities to the public in the U.S. must be registered with the SEC and must be members of FINRA. If a website is offering only one type of investment, this should give you pause. Also exercise caution if an investment requires a high minimum deposit (such as $200,000 or more) or advertises such perks as higher-than-average interest rates, low or no risk, or FDIC insurance coverage. Investigate the product you’ve been offered, and see if what you find out aligns with information you’ve been given. If the investment is represented as a securities product, look up the CUSIP number, a unique identifier that’s required for many legitimate U.S. securities.
6. Don’t send money, crypto or personal information. Be extra cautious if you’re asked to send information to a personal (rather than a firm) email address, respond to phone numbers that aren’t listed as official firm contacts, or send money directly to the individual or a third party. Don’t ever send money, crypto assets or personal information—such as your driver’s license, passport, Social Security number, date of birth, or bank account information—until you verify that you’re working with a legitimate investment professional.
If you’re suspicious about information you receive from an individual or firm soliciting your business, contact FINRA or another regulator before you send any personal or financial information.
If you have information about potentially fraudulent, illegal or unethical activity, contact your local law enforcement, and submit a regulatory tip to FINRA. If you think you’ve been the victim of any cyber-enabled scam, file a report with the FBI’s Internet Crime Complaint Center.
Learn more about how to protect your money from fraud.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
