Much like the chicken and egg riddle, it is difficult to know which came first – hackers or the Internet? It is also difficult to attribute the shear abundance of hacking attempts taking place on a daily basis to just a bunch of restless geeks looking to have fun at someone else’s expense. The majority of these efforts are well funded and well organized, perhaps, dedicated wings of some international crime family, looking to modernize their fraudulent activities. The latest rage to hit the forex world and other financial arenas, as well, has been labeled “Clone Wars” – the act of replicating a legitimate website to attract unwary customers with the intent to defraud.
Are you beginning to hear the “Star Wars” theme and wondering about some movie misadventures in another galaxy, far, far away? Reality is sometimes stranger than fiction, but in this case, the storyline seems to have been lifted from some Hollywood SciFi caper. Rarely a month or even a week goes by that we do not hear about the breach of a large database of consumer personal information. Payment card providers and major retailers have been dealing with these acts of thievery for decades. Their losses have promoted the development of sophisticated encryption technologies to block the attacks from hordes of hackers, bristling for direct frontal assaults. Accessing your vital records is their first priority, and “cloning” is their latest form of attack.
One also has to ask how many more hits can the retail forex community take before it cannot get up off the canvas? Another global fraud peril is not a pill anyone wants to swallow. In 2013, the crisis in Cyprus leveled the playing field, but the industry recovered. Low volatility in 2014 resulted in lower volumes and with it, lower profits, followed by industry consolidations across the globe. Regulations and rising capital requirements have driven many brokers from the U.S. market, to the point that many will not accept U.S. clients under any terms. Lastly, the brokerage community is still reeling from the Swiss Franc Debacle, but insidious fraud malaises can be interminable.
What are today’s security precautions and how good are they?
If you turn on a financial services website, one that deals with the exchange of money for a variety of services, foreign exchange trading services being just one of many, your first day of business will consist of beating back these hordes. Their antennae can instantly detect the presence of this type of site, and their first assault is designed to test the durability of firewalls and determine what style of “rampart” is necessary to scale the walls to access the sought after treasure – personal ID and card information, or even money if the keys to the safe are laying on some electronic table. IT departments have been turned on their respective heads in such situations, if security precautions were lax.
Every financial website that wants your business today will have a section of their site offering that is devoted to safety and security. At some point, you will see the magic words, “all personal identification, payment method, and trading session data are encrypted using the latest in 128-bit SSL (Secure Socket Layer) technology.” Just reading these words can give most people a headache, since such highly complex and technical jargon can turn our brains to jelly in a flash.
A simple explanation from one source reads, “Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over a computer network. A prominent use of TLS is for securing World Wide Web traffic between the website and the browser carried by HTTP to form HTTPS, with notable applications being where electronic commerce and asset management take place.” If you can find a less cryptic definition, be my guest.
As noted from the same source, “The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing.” Using network encryption protocols is only one form of protection. Programmers must also establish electronic “firewalls” within their computer infrastructures to stop “stray bullets” from a hacker’s “gun” before it does any damage. Simply put again, “A computer firewall controls access between networks. It generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous.”
If the defense is formidable, then the hacker may leave when his malicious software, in the form of viruses, worms, Trojan Horses, or spyware, is rendered ineffective. Why waste time on obstacles when there are plenty of weak websites in existence? The criminal element is not bereft of logic. They pick the low-hanging fruit that requires the least effort. It’s called getting the most for your money and time of effort. There are, however, IT geeks out there that love the challenge, but that is another story.
What exactly is a “clone website” and why now?
According to “Forex Magnates”, the cloning of legitimate websites has reached a fever pitch in the latter half of 2014. Their take is that, “Clone sites primarily come in two forms. One case is a fake broker website almost identical to the broker it is cloning with the aim of gleaning client information, such as bank account and credit card numbers to commit financial fraud on affected customers. Such websites don’t actually sell forex services, but use phishing for confidential information. The other form of cloning is actual online forex brokers who slap the existence of regulation on their websites, often stating they are affiliated with a licensed broker. In this case, the actual broker can become the target of angry customers who unbeknownst to them are actually trading with an unregulated broker.”
Regulators have also been active, chasing down these crooks and issuing warnings to the unsuspecting public. The activity appears to be heightened in Asia, where local prohibitions against forex trading have been lifted and where an eager group of newcomers are unaware of the pitfalls of fraudulent online schemes. Regulators have specifically targeted a number of clones in this region, but for all intents and purposes, the global size of this problem could be vastly more than anticipated, the tip of the iceberg, so to speak. Why now? The new influx of naive consumers in Asia is one reason, and efforts to protect customer data have been working, another. Encryption techniques and the proper use of firewalls have had an impact. When one pasture runs dry, crooks tend to move quickly to another one that is greener.
What are the “red flags” to be wary of for this type of fraud?
One thing to look out for is a clumsy misspelling or mispronunciation of the legitimate company’s name in either the website address or within the text of the website pages. Be skeptical of a firm that highlights their connection with another, better-known partner, especially if they are located in London or another financial center of the world. In this case the crook is using the credibility of another company’s name and regulation to gain your trust and secure your initial deposit, which will never be returned.
Another give-away is to be asked for confidential information (i.e., passport data, payment information, personal ID details) to gain access. Such information should only be required when setting up a trading account in order to facilitate a quick withdrawal down the road. Lastly, be sure to check with your local regulator’s website from time to time for any warnings or announcements regarding fraudulent activity. The CFTC and the FCA are ever vigilant at exposing criminal activities as soon as they come to light.
Although encryption techniques and firewalls can be complex, the lesson here is simple – clone websites use trickery to prevent encryption from ever taking place. They have no need of these protections. They only want your hard earned cash deposit or personal identification information to use in another fraudulent scheme. Be skeptical at all times, and be wary of the aforementioned warning signs. If the broker purports to be licensed through another legitimate broker in another country, go to that broker for confirmation of the relationship. It would only take a quick check with the customer service rep at the legitimate broker’s office or website.
As always, remember that you are your first and last line of defense when it comes to preventing fraud in any form! Listen to your gut, and do not be afraid to ask questions!