Fraudsters clone architects’ websites
Impersonators pose as UK architects to engage lawyers’ services in the US
A cheque payment fraud being perpetrated in the US has recently been making its presence felt amongst a couple of London architects practices. It involves the cloning of UK architects websites in order to provide credence to the fraudster’s approaches to lawyers in the states requesting legal services.
Having masqueraded by email as a legitimate UK architect they seek to engage lawyers’ services to recover an alleged debt from a client based in the states. The fraudster impersonating the UK architect supplies a cheque for $5000 as a retainer to the lawyer. The lawyer is instructed to deposit the cheque, take out retainer fees, and wire the remaining funds to a bank (typically outside the US) After the balancing funds are wired overseas, the cheques are revealed to be counterfeit.
The first that a UK architect may become aware that they are being impersonated is when they may receive an email from a lawyer who has become suspicious and has taken the trouble to investigate further.Such unsolicited emails can easily be put aside as junk and ignored and thus not being recognised as the electronic Good Samaritans that they are. Unchecked the volume of emails from Stateside lawyers may rise until personal phone calls from lawyers and the arrival of contract documentation through the post highlights that this is a real problem. The extent of which is most clearly perceived when the existence of an almost exact copy of your real website is revealed to you using a subtly different domain name and obviously a different email address and phone number.
At this point reporting the fraud to the police in the UK (www.actionfraud.police.uk) and the FBI is a sensible first step. Both the UK police and the FBI are familiar with the scam (www.actionfraud.police.uk/node/203 and www.fbi.gov/scams-safety/e-scams).
You can also try and get the fraudulent website taken down. Firstly use a “whois” website to reveal information on the registrant of the fraudulent domain names but of more immediate use the name of the website hosting company. Typically the unwitting hosting company will be one of the larger players in the market such as yahoo or go daddy. Both companies do have an online process for applying for the removal of fraudulent websites or websites which infringe copyright. This isn’t necessarily a quick process and in order to comply with their procedures you may find that you will need to provide some very specific information and potentially accompany your application with a digital signature in order to verify that you are the real you! Digital signatures typically cost £40-£50 annually and can be purchased from companies such as Verisign or Globalsign(You are likely to need to provide scanned copies of a photo id during the purchase process).
Other than being generally vigilant and aware to the potential misuse of your identity there are some basic steps that you can take to reduce the risk that you will be targeted by this particular type of identity theft.
Firstly consider registering a number of variants of your domain name to avoid them being used by others. For example your company may be called JoeBloggs Associates trading as Joe Bloggs Architects and you are using joebloggsarchitects.co.uk as your domain name. Try and register different permutations using associates and architects in the domain name and using both the .com and co.uk suffixes. It may also be worth registering variants which use a hyphen before the word architects or associates. You may end up with a longish list but. co.uk domain names can be as little as £4 annually and the .com domains about £10 annually. Once registered nobody else can use them and you can point them all at your existing website.
Beyond this fraudulent copies of your website will be less attractive to clone if you update your own website regularly. It may also be worth specifically including a copyright reserved footer on your web pages as this may assist when using copyright infringement as the argument when you are asking a web hosting company to take down a fraudulent website on copyright grounds.
And finally make sure that your own website and email accounts remain secure by using appropriate passwords. Use a long password (10 characters or more), use letters numbers and symbol characters and be careful where you store password reminders.
Hugh Davies is co-founder of IT consultant Lomas Davies