How to beat the scammers

Scams like this often work on pyramid selling principles and offer commission to victims for introducing other investors. Rumours spread like a virus through online bulletin boards, live chat rooms or by mass emails, and in a short time the net of victims has been cast very wide. The diagram below shows how a typical internet investment scam operates.

Target the website

Get to the bottom of the facts fast: how is the scam operating? Is there a fake website? Members of the public caught up in the scam can be a mine of information. By getting instructions and a checklist of questions out to sales and customer service staff immediately you can quickly gain information about how the scam operates. This could prove very useful to trace it and have it shut down. Instruct staff to find out as much as possible about the scam, including details of any website or bank account. Take names and contact details so you can follow up complaints.

Identify the registrant (the owner of the domain name). This is done through an online whois search. Although the owner's details are likely to be bogus, they may give clues to the identity and whereabouts of the fraudsters. It is also possible to find out the domain name registrar (the entity that allocated the domain name to the fraudster) and the IP address, which is the first step in locating the ISP that hosts the site. People complaining about the scam should again be able to give you information on the ways in which the scam is being perpetrated. Some may even have had direct contact with the fraudsters.

The fake website is at the heart of the investment scam. It exists to give a veneer of legitimacy to the scam. However, the website also offers the first line of attack in fighting back. By having the website taken down, an important part of the fraud stops. At the same time, potential victims become aware that all may not be as it seems with the investment opportunity. Understanding the identity and location of the domain name registrar, web‑hosting providers and other ISPs involved is an important first step in identifying the legal and practical options (see below). A single website might be hosted by a long chain of ISPs located around the world. Online searches are available to identify the domain name registrar, the IP address and the first line of hosting. However, it may be necessary to engage investigators with internet forensic capabilities to identify the ISP and other regional hosting providers.

Speed is essential

Internet fraudsters aim to make their money as quickly as possible and move on before they can be traced. The scam may have already been in operation for several weeks by the time you hear about it. Pursuing traditional legal remedies such as claims for IP infringement or libel is often too slow and not suited to the task.

In the absence of a strong internal IT forensics team, one of the first things to do is brief and bring in investigators to follow up with the complainants and pursue leads on the ground. Make sure the investigator has specialist internet forensic capabilities and is able to locate ISPs.

Under both PRC and Hong Kong law, ISPs that knowingly host fraudulent websites may be jointly liable. Notifying the ISP of the scam is an important first step to establish its liability. Contacting an ISP directly is faster and cheaper than suing. Ask the ISP to block or disconnect the site. Point out the (likely) non‑compliance by the fraudster with the ISP's terms of use policy. These are usually IP infringement or criminal acts and the ISP's own secondary liability for the fraudster's acts.

Large ISPs will generally act quickly if it is clear that there is a scam or your IP rights are being infringed. Smaller ISPs can be less responsive and sometimes even unscrupulous. Intermediate ISPs can easily be switched so it is necessary to persevere. The fraudsters need to know that they are being investigated and you will not let up in your efforts to stop the scam.

Depending on the registrar's terms of use for a domain name, it may be willing to disable the offending domain name. Registrars generally publish their terms of use and abuse policies on their own website.

Filing a police complaint

In some cases, making a complaint to the police offers the only long‑term solution to track down fraudsters and put a stop to the scam. However, internet investment scams are effective because the fraudsters are difficult to track down. So it is important to be realistic about the speed at which any police investigation will move forward.

The Economic Investigation Bureau of the Ministry of Public Security (MPS) often takes two or three weeks to acknowledge a complaint and several weeks more to launch an investigation. Even then, the MPS will often rely on you to produce evidence of the scam and leads for them to follow up. The State Administration of Industry and Commerce and China Internet Illegal Reporting Centre may also accept complaints about illegal behaviour on the internet. But its response times can be equally slow. The Commercial Crimes Bureau of the Hong Kong police is considerably more responsive. However, it will be reluctant, and often unable, to act under the Pyramid Selling Prohibition Ordinance without clear evidence of a connection to Hong Kong.

The China Securities Regulatory Commission and China Banking Regulatory Commission operate complaint lines for illegal activities. However, they do not have the capacity to investigate an internet scam.

In Hong Kong, The Securities and Futures Commission has issued a circular advising licensed organisations that are affected by fraudulent websites to notify it, file a police complaint in Hong Kong and warn the investing public. This circular is not a formal regulation and there needs to be a strong enough link to Hong Kong for the advice in the circular to apply.

PR and legal options

The public relations team should consider how to get a clear message that there is no connection between your company and the fraudulent entity. They should also let people know what action you have taken, such as reporting the scam to regulators and law enforcement authorities. This can be an effective way to counter reputational risk and show that you are taking steps to protect the public.

Consider placing a notice on your own website to warn people about the fake site and direct enquiries to a central contact point in your office. If victims of the fraud are believed to be primarily Chinese‑speaking, you will have the option to publish a disclaimer in Chinese only. This has the added advantage of limiting possible negative perceptions among your non‑Chinese‑speaking customers.

The most cost‑effective way to recover domain names is through the Uniform Domain Name Dispute Resolution Policy (UDRP), a relatively effective procedure to recover unlawfully registered domain names. A decision in a UDRP action will typically take three or four months. So this is a second line of response if the website cannot be taken down more quickly another way.

US federal courts are empowered to compel ISPs and web‑hosting providers to disclose information that will help proceedings in other jurisdictions. These entities may or may not have reliable information to help identify and locate perpetrators. A Norwich Pharmacal order in Hong Kong will be available in appropriate circumstances against, for instance, a bank in the territory that provides an account connected to the scam. The order requires the bank to disclose the identity of the account holder and details of transactions through the account. Orders have been granted in the past in support of potential foreign proceedings as well.

Civil proceedings are more likely to be appropriate if there has been a deliberate infringement of your intellectual property or malicious or libellous reputational damage. A tortuous action against an ISP that refuses to take down connections to a website might also be an option, depending on the jurisdiction in which the ISP is located.

The Stop Online Piracy Act bill being considered by the US House of Representatives may also provide new remedies that can be applied against internet scams, although it is primarily directed at fighting copyright infringement and online distribution of counterfeit goods. For instance, in its current version the bill would allow the US Department of Justice to seek orders against US‑directed internet service providers to cut off service to foreign websites that are accused of infringing activities. Progress of the bill through Congress is currently stalled, however.

Stay vigilant

Brief your customer relations departments, sales teams and call‑centre staff to ensure you have a consistent approach to managing future complaints and getting information about possible scams.

Create standing instructions (including a checklist of questions) for front‑line staff to record critical information about a suspected scam, how and where it is operating, how contact was made and details of any bank account into which funds are to be deposited. Keep a detailed record of all complaints.

Register country code top‑level domains for your main brand names and ring‑fence variations that are most likely to be used for a scam website in your key markets and jurisdictions where fraud is a high risk. Many domain name registrars offer bulk registration of domain names at a discount. In truth it can be difficult to spot all possible variations that could potentially be hijacked, but it is better to make an attempt to claim the domain names that are most vulnerable than to do nothing.

Spotting potential frauds early on can help prevent potential PR disasters and allow an early fight back. Use the array of software available to monitor public sites and domain names to identify unauthorised use of your company's name that might be connected with an internet scam.

We recommend you give your risk and compliance department standing instructions to carry out routine internet searches on at least a quarterly basis.

By Connie Carnabuci and Richard Bird, Freshfields Bruckhaus Deringer, Hong Kong