Skip to content
Legislative and Regulatory Framework > Conduct in Focus Issue 6 Article 3 Fraudulent websites and the art of building the illusion of trust

Fraudulent websites and the art of building the illusion of trust

December 2022

Online activities have become part of everyday life. From financial services to entertainment, from shopping to health advice, cyberspace has opened up new horizons and provided us with a level of convenience our ancestors would never have thought possible.

Our total embrace of technology, however, has come at a cost. Scammers and con-artists use the cloak of cyberspace, combined with their knowledge of human psychology, to formulate multiple ways to part victims from their money.

Nice website….this must be real

The simplest con involving a fraudulent website is to offer mass-market bogus insurance products for sale online and trick victims into inputting their payment details and personal data through a false application pathway. The fraudster steals the premium and can recycle the inputted information for other criminal means, such as credit card fraud or identify theft. The IA has come across other scams, however, where the fraudulent website is deployed as part of a more elaborate scheme to build trust with the victim before taking their money. For example, the fraudulent website may serve as a mechanism for unknowing victims to do due diligence on the company, thereby giving them a false sense of trust to proceed with a fraudulent transaction that involves a significant outlay of premium. 

In some cases (and quite astonishingly) the fraudulent website will seek to establish this trust by actually warning against the exact fraud it is about to commit. Seeing the warning on the website, the unknowing victim is tricked into thinking (a) there is no way this company would be committing a fraud that it is itself warning against; and (b) the fact that the company knows of the type of frauds being committed in relation to such insurance products, establishes its expertise to sell such products. In short, by means of an audacious bluff, trust is built.

Example

SCAMMERS

A team of scammers set up a website for XYZ Sustain Ltd. The scammers then start reaching out through phone-calls to targeted victims offering an “investment protection insurance” as a type of investment security bond.

One of the potential victims is interested by the concept of an “investment protection insurance” as it is presented. The coverage purports to protect against certain financial losses associated with investments. The victim performs basic due diligence on XYZ Sustain Ltd. and comes across its website.

POLISHED WEBSITE

The victim observes that XYZ Sustain Ltd.’s website is polished, with exactly the type of pictures you would expect from an insurer. There are professionally taken photos of smiling families of different generations, infrastructure projects with people in hard hats, doctors in white coats, healthy athletic people participating in yoga classes, and smiling sharp suited personnel who are stated to work for the company. This is all coupled with the expected promises of insurance to protect lives and businesses.

FRAUD ALERT

Interestingly, the website has a page headed “Insurance Fraud Alert” warning against companies selling fake investment security bonds with tips on how to avoid this kind of scam (and stating if you have any suspicion, to call the police).

On a separate page of the website XYZ Sustain Ltd. positions itself as the leader in the specialist market for investment security bonds.

VICTIMS’ TRUST

Given the appearance of the website, and the fact that XYZ Sustain Ltd. itself is warning against potential frauds, the victim considers this as indicating the company’s authenticity and sincerity and decides to pursue the opportunity by telephoning back the scammers.

Having gained the victims’ trust, the scammers lure the victim into applying for an investment security bond with an up front premium payment. In return an official looking insurance policy is issued to the victim.

MONEY GONE

One day the victim seeks to notify a claim. His phone calls and e-mails are not returned. He never sees his money again and he soon realizes the policy is not worth the paper it is written on.

Don’t fall for it!

The above example, although fictitious with the names not being real, is loosely based on different real-life situations brought to our attention.

The combination of a plush, authentic looking website and the psychological manipulation being performed by warning against fraud as a means of gaining trust, can sometimes catch people out.

Don’t fall for it! Be aware of the trickery at play and keep the following tips in mind to help identify potential fraudulent websites.

  1. Check the domain name carefully. The fraudulent website may use a name that looks similar to a legitimate site address, trying to pass itself off as a real company in the insurance sector (albeit the domain address will never be exactly the same as the real company or may have words added to it).
  2. Beware of those websites that may look very professional but when inspected closely raise “red flags” and suggest they are just “style” and no “substance”. Yes, the website may have the plush professional photographs but……
    • Often information on the company itself is insubstantial and very general. For example it may not even give its insurance licence number or indicate who it is regulated by.
    • There may be links which are broken (an obvious “red flag”).
    • The description of some of the insurance products offered may be wrong. For example the “life insurance” webpage description may not even refer to coverage for loss of life, but may have been copied from another website describing a personal accident insurance.
    • Poor language may be being used with obvious grammatical errors.
  3. Do not trust the website alone. Try and find another trusted source of verification. In fact if the only information you can find is the website alone (and there are no other references at all to the company) then alarm bells should be ringing.
  4. You can verify the authorization or licensing position of the company by making good use of the IA’s registers to check whether it is a regulated entity and verify the contact information from that shown on the IA’s registers. If the website denotes that the company has a Hong Kong address, then the likelihood is that it should be a regulated entity shown on the IA’s registers.
  5. Do you know anyone else who has used the company’s services? If not take extra caution. Especially if it is an insurance product which has been offered to you “out of the blue” and it seeks to cover things like losses you make on your investments.
  6. Ring a licensed insurance intermediary that you trust to ask for their opinion.
  7. Most importantly of all, trust that voice in the back of your head which is telling you something is not quite right! It could save you a lot of money.