What is an Imposter Site?

By Jennifer L. Szaro, CRCP, Chief Compliance Officer

WHAT IS AN IMPOSTER SITE?

What do financial services firms, the IRS, and Microsoft have in common? They all have reported fake websites created to mimic their real website or a website created about their employees to engage consumers for nefarious purposes.

These imposter websites were established by fraudsters and are out of the control of the real organization. We haven’t received any indication of this with XML, but we want you to be aware of this trend and to spot them should it occur. Usually the URL will be slightly different and the email will ask you to click a link to the site. They can also show up in browser search results.

Notify us immediately if you suspect an imposter site related to XML or an employee.

• Our websites are www.XMLFG.com and www.XMLFG-W.com  Do not click on any website claiming to be XML with a different address. Likewise our Advisors do not have their own standalone websites.

• To access your custodial account login go to www.XMLFG.com.

• Recognize our voice? If you receive a call from “XML”, make sure you recognize the voice as your Advisor or a Client Service Associate. If you are unsure, call back on the XML main phone, the branch numbers are on our website. We don’t mind. We would rather you feel confident that you are taking with us especially when providing personal information.

Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone you trust to convince you to send them money. 

Learn how to spot an imposter scam on: https://www.consumer.ftc.gov/features/feature-0037-imposter-scams

FALLEN FOR AN IMPOSTER SITE? SO WHAT JUST HAPPENED?

Have you clicked on a site thinking you were logging on to the REAL site, but nothing happened? I’ll tell you what was likely happening. Your entries were being captured by the fraudsters. Were you entering a combination of usernames and passwords to log onto the site? The fraudsters now have those combinations and will try them on other sites – such as your email accounts, bank accounts, health plan portals (that have your social security number and date of birth), and popular online shopping sites likes Amazon, that may have stored credit cards or offer eGift cards.

So for all the sites and portals that you use the login combinations you were typing, change them. Sorry to be the bearer of bad news, but this is the reality.

This is why it is recommended that you not use the same password for multiple logins. That’s a whole other topic for another blog post.