A ring of scam artists based in West Africa has been impersonating financial advisors by creating lookalike websites and fake customer onboarding processes—and the sites have been so convincing that they’ve fooled wealthy clients into sending personal documents and funds, according to DomainTools, a cybersecurity research firm that provides companies with threat intelligence.

The “brazen attempt to deceive investors and steal identity documents” is tarnishing the brand of financial advisors, firms and even social media influencers by using their images and logos to promote their scams, the firm said in an update to a report the firm first published in January.

The latest wrinkle to the scheme: The scam artists are now even impersonating the Financial Industry Regulatory Authority.

The Finra impersonation is an attempt “to solicit additional identity verification documents from victims,” by asking them to comply with erroneous compliance requirements related to money laundering and other issues, and thus induce investors to send identity documents, DomainTools said.

“The added layer of deception represents an escalation in tactics by this fraud ring and presents additional risk to consumers and financial institutions,” the cybersecurity specialist added.

"These types of scams and tactics are not new, but Finra continues to monitor for such attempted fraud and notifies the public, member firms and law enforcement as soon as possible,"  said Greg Ruppert, executive vice president, Member Supervision at Finra.

DomainTools first reported that fraudsters were using Finra as a repository from which they gathered investment advisor data for impersonations in January.

“Now we believe the fraudsters tied to this campaign are attempting to pose as Finra itself in order to solicit investors’ personal documents,” the company reported.

The fraud ring has expanded their set of activities to include both cryptocurrency investment scams and identity theft. By using regulatory organizations like Finra to further bolster their schemes, “the fraudsters have escalated their tactics and, in doing so, created an even more treacherous environment for investors and brokerages,” DomainTools said.

In an example of a lookalike advisor website discovered by the firm, the scam artists said they needed to solicit investors’ identification documentation for compliance purposes.

The website said the fake firm is “authorized and regulated by the Financial Industry Regulatory Authority” and even used the Central Registration Depository (CRD) number of the firm it was impersonating.

A click-through button in the email labeled “Contact Finra,” brings investors back to an impersonation ring actor instead.

“This tactic attempts to exploit investor confusion regarding the role of Finra in how it regulates financial advisors by brazenly claiming that Finra is their know-your-customer and anti-money laundering provider," DomainTools said. ("Know your customer" requirements are those that pertain to verifying a client's identity.) "To be clear, Finra does not provide these services,” DomainTools added.

The schemers also claim to “possess many years of experience in the investment business, combining expertise across a wide spectrum of asset classes, including hedge funds, private equity, commodities, as well as more traditional asset classes. Our investment philosophy is simply a diversified investment approach.”

Each part of the ruse was designed to get investors to upload documents with personal information, including a government-issued passport, ID card or driver’s license, bank account statements, proof of residence (such as a mortgage statement or agreement) and utility bills, the firm noted.

“These documents are highly valued in fraud communities,” DomainTools said. A victim that uploads identity documents to a fraudulent service will likely see those documents sold or otherwise shared within a broad base of cybercrime communities, creating potentially years of identity theft nightmares.

The new Finra angle has been added to the core investment scam to create “a greater air of legitimacy” and greater profit, the firm added.

While impersonation scams are certainly not new, there are surprising new variants every day, according a 2021 Finra report. The agency observed an increase in cyber-related incidents, including fraudsters creating fake websites using the names and professional details of actual industry professionals. The FBI and SEC have also issued warnings.