Clone Firm Scam UK 2026

The clone signature — what makes it different from a generic fake

An unregulated firm pitching you investments is a straightforward scam. A clone firm scam is more sophisticated: the criminals identify a real FCA-authorised firm and impersonate it. The legitimate firm is innocent; the scam exploits the firm's reputation and FCA-register entry to defeat "is this regulated?" verification.

The four ingredients of a clone:

Real firm name — taken from FCA register
Real FRN (Firm Reference Number) — copied from the register entry
Real registered office address — also from the register
Fake contact details — different website (typically near-identical URL), different email, different phone, different bank account for deposits

The defence is in cross-checking the contact details — not just the firm name/FRN.

What a typical clone-firm pitch looks like

Cold email or cold call from someone presenting as a salesperson at a well-known UK asset manager, wealth manager, or boutique broker. The pitch involves a fixed-term investment product — typically a corporate bond, mini-bond, structured product, or ISA — promising 6-12% annual returns ("market-leading", "tax-efficient", "fully FCA-regulated"). Materials sent over email include:

Professional-quality PDF brochure with the real firm's logo and branding
"Compliance" footer citing the real FRN and registered office
A website URL that's almost-but-not-quite the real firm's URL (extra dash, .com vs .co.uk, sub-domain, etc.)
A "client services" phone number — never the real firm's published number
A bank account for deposits, often in a third-party name ("client account", "custodian", "fund administrator")

The real firm has nothing to do with any of this and typically only discovers the clone when victims contact them post-loss asking about the missing investment.

5-step verification with the FCA Firm Checker

10 minutes; eliminates the great majority of clone-firm scams before deposit.

Type register.fca.org.uk directly into your browser. Don't click any link in the email or document. Don't use a Google search; some clone scams buy ads ranking above the real register.
Search for the firm name OR the FRN provided.
Open the real register entry. Read the firm record carefully: registered name, address, FRN, permissions, status (Authorised / EEA Authorised / Appointed Representative).
Cross-check EVERY contact detail against what you've been sent:
- Phone number on the register entry vs the number in the email/document
- Email address on the register vs the email in the contact materials
- Website on the register vs the website you've been directed to
- Registered office address vs any address mentioned in the materials
ANY mismatch is a clone signal.
Call the FCA-register-published phone number. Use the number on the register, NOT the number in the email. Ask the firm directly whether they've been in contact with you and offered you this investment. If they have no record, you've confirmed the clone. Most legitimate firms will tell you whether a third-party is currently impersonating them.

Red flags in any "FCA-authorised" investment approach

Cold contact you didn't request. The FCA's CISI Code of Conduct restricts cold-calling for retail investment products; legitimate UK firms rarely cold-pitch fixed-income products to retail customers.
Returns above 8-10% on "low-risk" UK fixed-income. The Bank of England base rate at the time of writing is below this; "guaranteed" higher returns reflect either substantial credit risk or fraud. There is no risk-free high return.
Bank account in a third-party name. Real authorised firms use FSCS-protected client accounts in the firm's name with a custodian relationship — not "fund administrator" accounts in another company name.
Pressure to invest by a specific date ("the bond closes Friday", "next tranche oversubscribed"). Real corporate bonds and ISAs don't work this way; urgency is a manipulation tactic.
Documents lack the firm's standard regulatory disclosure footer, or use a non-standard version. Authorised firms have lawyer-drafted compliance footers they don't deviate from.
The website URL is almost-but-not-quite the real firm's URL. Different TLD (.com vs .co.uk), extra hyphen, sub-domain (firm.invest.com vs firm.com), homoglyph (l vs I, 0 vs O).
The "salesperson" can't or won't give you a fixed contact phone number on the FCA-published line.

If you've already invested — what to do

Don't send more money. Don't pay "release fees", "tax clearance", or "verification deposits" — these are the second-stage extraction.
Save all evidence — every email, every document PDF, every payment confirmation, every URL, every phone number.
Call your bank's fraud line immediately. The bank transfer that funded the "investment" may qualify for PSR Mandatory Reimbursement Scheme — time-critical for recovery.
Contact the REAL firm. Use the FCA-register-published phone number. Tell them you've been targeted by a clone of their brand; they'll typically log it for compliance and contact the FCA.
Report to the FCA at fca.org.uk/contact or the Consumer Helpline 0800 111 6768. Critical: the FCA's clone-firm Warning List depends on victim reports.
File an Report Fraud report at reportfraud.police.uk.
Start a PSR claim with our wizard at PSR claim wizard.
Consider FSCS claim — if you reasonably believed you were dealing with the real authorised firm. FSCS may decline because the firm wasn't actually authorised; some clone-firm victims have nevertheless succeeded with FSCS on "reasonable belief" grounds. Specialist solicitor advice is useful here.
Watch for recovery scams — clone-firm victims are heavily targeted by follow-up recovery scammers offering to "fight the FCA on your behalf" for an upfront fee. All upfront-fee recovery offers are scams. Recovery scam warning.

Frequently asked questions

What is a clone firm scam?

A clone firm scam is when criminals impersonate a legitimate FCA-authorised financial firm by using the real firm's name, FRN, registered office address, and sometimes website branding to make their scam appear authorised. The criminal sets up a fake website, sometimes with a tiny domain variation (extra dash, different TLD, .co instead of .com), and uses the real firm's regulatory details to deflect 'are you regulated?' questions. The real firm is innocent — the scam exploits the firm's reputation. The FCA publishes clone-firm alerts on its Warning List as a specific category.

How does the FCA Firm Checker help?

The FCA Firm Checker at register.fca.org.uk is the authoritative way to verify whether a firm is genuinely authorised. To check: enter the firm name OR the FRN; the register returns the firm's full record including registered address, contact details, and permissions. Critically: it returns the contact details on file with the FCA, not the contact details the firm has given you. If the website/email/phone you've been given doesn't match the register entry, you're dealing with a clone — even if the firm name and FRN match. Always cross-check contact details, not just names.

What if the clone firm has the real FRN?

That's the point — they will. The defence is in cross-checking contact details. Real firm's FRN + real firm's name + real firm's registered office, all matching the FCA register, BUT the website, email, or phone number you've been given do NOT match the register. That's the clone signature. When in any doubt, dial the firm using the phone number listed on the FCA register entry, not the number in the email or website you were sent. If the call goes to a switchboard of the real firm and they have no record of you, you've identified the clone.

What does a clone firm scam look like in practice?

Typical pattern: cold email or cold call from someone claiming to be from a well-known UK investment firm (typically a smaller asset manager — better-known names get fact-checked too easily). The pitch is a high-return investment opportunity, often a bond, ISA, or fixed-term product. The materials sent include the real firm's logo and branding, real FRN and address. The website at a near-identical URL looks identical to the real firm. The bank account for deposits is a different name (a 'client account' or 'custodian' or 'fund administrator'). The real firm has nothing to do with any of this and only finds out when victims contact them post-loss.

Can I recover money lost to a clone firm scam?

Mixed prospects, but more route than for unregulated crypto scams. (1) The bank transfer to fund the 'investment' may qualify for PSR Mandatory Reimbursement Scheme — start with PSR claim wizard. (2) The Financial Services Compensation Scheme (FSCS) covers losses where the firm was authorised — but a clone firm isn't actually authorised, so FSCS typically declines. The defence: if you reasonably believed you were dealing with the real authorised firm based on the materials, an FSCS claim may still succeed. (3) Specialist solicitors take clone-firm cases on no-win-no-fee. (4) Report to FCA at fca.org.uk/contact and Report Fraud. (5) Watch for recovery scams — clone-firm victims are heavily targeted by follow-up recovery scammers.

How do I check before investing?

Five-step verification, takes 10 minutes. (1) Go directly to register.fca.org.uk — type the URL yourself, don't click any link. (2) Search the firm name OR FRN. (3) Read the FCA register entry: confirm name, address, FRN, permissions. (4) Cross-check the contact details — phone, email, website, registered office address — against the materials you've been sent. ANY mismatch is the clone signal. (5) Call the FCA-register-published phone number (not the one you've been given) and ask whether the firm has been in contact with you. The real firm will check their records; the absence of any record is the confirmation.