Clone Firm Scams: When Fraudsters Impersonate Legitimate Companies

Clone firm fraud is one of the most consistently under-recognised categories of financial scam because, on the surface, it appears to satisfy every basic due-diligence check. Operators copy the name, registration number, regulator authorisation reference, and head-office address of a genuine regulated company — typically an established investment firm, asset manager, or insurance broker — and present that material on a near-identical website hosted on a typosquatted or recently registered domain. The UK Financial Conduct Authority, the SEC, ASIC, and BaFin all maintain dedicated clone-firm warning streams, but the publication lag means new clones routinely operate for weeks before being formally listed.

The mechanics of a clone deployment are highly repeatable. Threat actors scrape the target firm's public-facing site, replicate it on a domain that differs by a single character or top-level suffix — for example substituting a hyphen, a digit, or the .com TLD with .co or .net — and deploy a contact channel routed to operators rather than the genuine company. Inbound leads are generated through paid search ads bidding on the legitimate firm's brand keywords, through cold outreach citing the cloned regulator reference, and through SEO targeting the firm's name plus high-intent terms such as "login", "investor portal", or "withdrawal".

Detecting a clone requires triangulating signals that a single registry lookup cannot capture in isolation. The domain's WHOIS record, registration date, and registrar pattern must be cross-referenced with the firm's public corporate history. The website's actual operating address and phone number must reconcile with the official entry in the relevant business registry and the regulator's Financial Services Register. Any divergence — a domain three months old claiming a thirty-year corporate history, an authorisation reference that resolves to a different legal entity, a regulator warning naming the URL — is conclusive evidence of a clone. Genuine firms never operate from freshly registered look-alike domains.

Scam AI is built to perform this multi-source triangulation automatically. By cross-referencing the submitted URL and company name against global business registries, regulator clone-firm warning lists, sanctions data, WHOIS telemetry, and Google's unsafe-website intelligence, and by applying an AI reasoning layer over the combined evidence, the platform flags clone-firm patterns that manual checks routinely miss — and returns a clear, evidence-backed verdict in seconds. Anyone contacted by a representative of a regulated firm through an unfamiliar website should run the URL through scamai.org free of charge before responding, sharing identification, or transferring funds.