Background

In recent months there has been a concerning rise in the creation of elaborate "scam" or "clone" websites ("Fraudulent Websites") which purport to represent authorised entities in the Irish financial services sector. At particular risk to these Fraudulent Websites are investment funds and their managers ("Funds") and investors alike.

Fraudulent Websites often clone existing regulated Funds and attempt to encourage unsuspecting investors to transfer subscription monies in the expectation of receiving shares in the relevant regulated Fund.

The Central Bank of Ireland (the "Central Bank") has recently warned that the cloning of legitimate Fund details has become increasingly common, with fraudsters providing replica investment materials and quoting a combination of legitimate authorisation numbers/company registration numbers, addresses and links to seemingly legitimate websites for the purpose of this fraud.

In this briefing we outline some practical steps which can be taken by Funds and investors alike to mitigate the risk of falling victim to this type of cyber fraud committed via Fraudulent Websites, and suggested actions which should be taken by Funds where a Fraudulent Website has been discovered.

Risk Mitigants for Funds

To mitigate the risk of potential investors being drawn to Fraudulent Websites, the Fund should consider implementing the following measures:

  1. Purchase of relevant website domain names: Funds should consider the purchase of domain names which could be used to promote the relevant Fund in order to prevent such a domain name being used for fraudulent purposes.
  1. Utilising search engine notifications: Search engine notifications could be used by Funds or their service providers to ensure that where a Fraudulent Website has been created in relation to the Fund, it is identified quickly and appropriate action can be taken.
  2. Include risk warnings in the offering documentation: Consideration could be given to inserting a risk warning in the Fund's offering documentation to make potential investors aware of the risk posed by Fraudulent Websites and to advise them to take appropriate steps to ensure they are communicating with a legitimate representative of the Fund.

Action To Be Taken Where a Fraudulent Website Has Been Created

In the event that a Fund is cloned through the creation of a Fraudulent Website, the following steps should be considered:

  • Notify the Board of Directors of the Fund and initiate an appropriate action plan.
  • Notify the administrator, any distributor appointed to market the shares of the Fund and any other service providers to the Fund.
  • Notify the Central Bank (in the case of an Irish-domiciled Fund), the Irish Garda National Economic Crime Bureau1 and, where relevant, the relevant police force in the jurisdiction of any impacted investor.
  • Consider whether regulatory authorities in other jurisdictions should be notified (for example, if the information on the Fraudulent Website refers to the Fund being authorised by a regulatory authority in another jurisdiction, or if the Fund is registered for sale in another jurisdiction).
  • Advise the impacted investor to separately report the matter to their relevant regulatory authority and police force, as well as notifying their banking institution of any transaction details in the event monies have been transferred via the Fraudulent Website.
  • Notify existing investors in the relevant Fund of the existence of the Fraudulent Website and include appropriate 'alerts' on the Fund's official website.
  • Consider instructing legal counsel to issue a letter to the host of the Fraudulent Website or relevant domain registrar requesting its removal, provided that local law enforcement and regulators confirm that this will not result in "tipping off". Website hosts and domain registrars will require proof that the Fraudulent Website is not the legitimate website for the relevant Fund.
  • Where a contact email address is provided on the Fraudulent Website, a "Cease and Desist" letter could also be prepared and issued to that email address.
  • Contact the relevant internet search engine to request the removal of the Fraudulent Website from its search engine results.
  • If the website has not been taken down within a specified timeframe, consider the initiation of formal legal proceedings.

Any additional steps to be taken will need to be considered on a case-by-case basis.

Investors: Advice for Avoiding Scams

Investors are strongly advised to exercise caution when accessing information or engaging in financial transactions related to a Fund. It is important to verify the authenticity of any website claiming to represent the Fund and its offerings.

To mitigate the risk associated with Fraudulent Websites, potential investors are advised to:

  1. Exercise due diligence: Verify the legitimacy of any website or communication claiming to represent the Fund by checking for any irregularities, such as misspellings in the URL or grammatical errors in the Fund's website, emails or paperwork. Always cross-reference information with official sources, such as the Central Bank registers in the case of an Irish domiciled fund.
  2. Contact the Fund directly: If in doubt, reach out to the Fund using official contact details provided on the Fund's official website. Seek confirmation of any suspicious communications or websites.
  3. Report fraudulent activities: If any Fraudulent Websites or suspicious activities are identified, promptly report them to the Fund and appropriate authorities, such as the Central Bank or the Irish Garda National Economic Crime Bureau.

Conclusion

Given the recent increase in the creation and operation of Fraudulent Websites, we would encourage all Funds to consider implementing appropriate preventative measures to reduce the likelihood of being cloned and/or the likelihood of a potential investor suffering loss as a result of subscribing for shares via a Fraudulent Website. If a Fraudulent Website is discovered, prompt action should be taken.

Footnote

1. Section 19 Criminal Justice Act 2011 places a legal obligation to report to An Garda Síochána, information relating to possible frauds which a person knows or believes might prevent the fraud being committed, or secure the apprehension prosecution or conviction of a person involved in fraudulent activity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.