425 Broadhollow Road
Suite 416
Melville, NY 11747

Freiberger Haber LLP
420 Lexington Avenue
Suite 300
New York, NY 10170


Enforcement News: Spoofing and the $26 Million Dollar Fraud on the Elderly and Retirees

Print Article
  • Posted on: Mar 20 2020

“Spoofing is a type of scam in which criminals attempt to obtain someone’s personal information by pretending to be a legitimate business, a neighbor, or some other innocent party.” See Julia Kagan, Spoofing, Investopedia (updated Jan. 29, 2020) (“Spoofing”) (here). Spoofing can occur in any form of online communication, including emails, text messages, telephone calls, and websites. Id. Although spoofing comes in many forms, the goal of spoofing is the same: to deceive people into divulging personal and/or financial information that the scammers can exploit for their personal gain.

Common Spoofing Scams

Email Spoofing

Also known as “phishing”, email spoofing involves the transmission of emails having a falsified “From:” line. The point of the email is to trick the recipient into believing that the message comes from a legitimate source, such as a friend, a bank, or some other known business or entity. 

Text Message Spoofing

Also known as “smishing”, text message spoofing is like email spoofing. The recipient receives a text message that appears to come from a legitimate source, such as a friend or the recipient’s bank, credit card company or phone company. The message typically requests the recipient to call a certain phone number or click on a link within the message, with the goal of inducing the recipient to divulge personal information.

Caller ID Spoofing

With Caller ID spoofing, the scammer falsifies the phone number from which he/she is calling to get the victim to take the call. The victim’s caller ID will show that the call is coming from a legitimate business or government agency, such as the Internal Revenue Service. As with other forms of spoofing, the goal of the scam is to induce the victim to divulge personal and/or financial information.

[Ed. Note: the IRS says that it does not call taxpayers to tell them they owe taxes or are the target of an inquiry or investigation without first sending them correspondence in the mail.]

URL Spoofing

URL spoofing occurs when scammers create a fraudulent website to obtain information from victims or to install malware on their computers. For instance, victims might be directed to a website that appears to belong to their bank or credit card company and be asked to log in using their user ID and password. If the person falls for the request and logs in, the scammer has the victim’s information to log into the website of the legitimate entity or government agency and access the victim’s accounts. See Spoofing, supra.

URL spoofing is the subject of an enforcement proceeding commenced by the Securities and Exchange Commission (“SEC” or “Commission”) against Denis Georgiyevich Sotnikov (“Sotnikov”), a Florida resident and Russian national, and entities he controlled for allegedly participating in a fraudulent scheme to lure U.S. investors into buying fictitious Certificates of Deposit (“CDs”) promoted through internet advertising and spoofed websites.

The March 13, 2020 press release announcing the charges can be found here

In addition to commencing enforcement proceedings, such as Sotnikov, the SEC has issued an investor bulletin to educate investors about detecting URL spoofing and buying CDs from websites that “that mimic the actual sites of legitimate financial institutions.” (Here.) Aside from warning investors about the fraud, the bulletin identifies a number of red flags indicating the presence of fraud. These include, among others: (a) posting interest rates higher than one could find at any other financial institution, with no penalties for early withdrawals; (b) offering CDs only, instead of a full panoply of financial products, such as banking or brokerage accounts, loans, or commercial banking services; (c) requiring a high minimum deposit, often more than $200,000; (d) directing potential investors to wire funds to an account located outside the U.S., or to a U.S.-based account having a different name than the financial institution claiming to sell the CD; (e) claiming that the spoofed financial institution is a member of the Federal Deposit Insurance Corporation (“FDIC”) and that deposits are FDIC-insured; and (f) identifying “clearing partners” who are purportedly registered with the SEC. 

Some of the foregoing red flags were at issue in the SEC’s enforcement action against Sotnikov and his co-defendants.

SEC v. Sotnikov

[Ed. Note: the discussion below is taken from the SEC’s complaint (here).]

Sotnikov concerned an alleged fraudulent scheme in which U.S investors – many of whom are older and using their retirement savings – were lured to websites offering fictitious CDs at above-market rates. Some of the websites spoofed actual U.S.-based financial institutions, while others offered CDs from fake financial firms.

The CDs offered by Sotnikov were allegedly fictitious instruments not issued by a legitimate U.S. bank, and, therefore, were not subject to the protections offered by U.S. banking laws. Notwithstanding, said the SEC, to convince investors that the CDs were real, the fictitious CDs mimicked legitimate CDs by purporting to have a fixed maturity and promising a specific and above-market-rate of return. The CDs were offered to the general public and marketed as legitimate securities, alleged the SEC. 

According to the SEC, the spoofed websites used domain names similar to the domain names of actual financial institutions or that sounded like real financial firms. The SEC maintained that the spoofed websites falsely claimed that the firms offering the CDs to investors were FDIC, FINRA, SIPC, or New York Stock Exchange members, and that the deposits were FDIC-insured.

The SEC claimed that the spoofed websites were advertised in search results provided by the two leading internet search and advertising companies. As a result, the spoofed websites appeared at the top of investors’ search results when conducting searches for CDs with high rates of return. Potential investors who visited a spoofed website were allegedly directed to call a telephone number on the website. Believing that they were dealing with a legitimate U.S.-based financial institution offering legitimate CDs, potential investors who called the number on a spoofed website spoke with an individual purporting to be an “account executive” of the firm identified on the website. According to the SEC, potential investors provided an email address, after which they were contacted via email by the fake account executive, who often impersonated a real broker or sales representative of a spoofed financial firm.

Investors were allegedly instructed by the fake account executives to wire funds to bank accounts opened on behalf of purported “clearing firms” identified in the emails. Once the funds were received by the purported “clearing firm,” said the SEC, they were quickly transferred to different bank accounts, both domestic and foreign, making it difficult or impossible for investors to regain their funds.

Since November 2014, defendants allegedly created websites spoofing at least 24 legitimate financial firms and 8 fictitious financial firms, resulting in over $26 million in known investor losses. As described in the SEC’s Complaint, Sotnikov and the entities he allegedly controls were directly linked to 7 of the spoofed websites, through which investors lost over $1.8 million.

According to the SEC, Sotnikov’s participation was essential to the scheme to defraud. He allegedly organized and/or controlled the corporate entities named as defendants (the “Defendant LLCs”), each of which had been represented to investors as “clearing” or “offering” the CDs of a spoofed or fictitious financial firm and received investor funds. The SEC maintained that the Defendant LLCs were not clearing firms and did not offer or sell legitimate CDs or other securities. Instead, alleged the SEC, the Defendant LLCs were created by Sotnikov to serve as conduits to receive wire transfers from defrauded investors in furtherance of the scheme set forth in the SEC’s Complaint. None of the victims received a CD after wiring the funds.

“As alleged in our complaint, investors were swindled out of millions of dollars through a web of fake websites and concealed identities,” said SEC Enforcement Division Co-Director Steven Peikin. “Today’s action shows the SEC’s commitment to exposing sophisticated cyber fraud schemes that pose an ever-present risk to Main Street investors.”

“Investors should be wary of investment opportunities from websites found only through internet searches,” added SEC Enforcement Division Co-Director Stephanie Avakian.  “Online investments that sound too good to be true are red flags of fraud.”

In a parallel action, the U.S. Attorney’s Office for the United States District Court for the District of New Jersey announced (here) that it filed related criminal charges and is pursuing asset seizures.


As this Blog has observed in many posts, retirees and the elderly are particularly vulnerable to financial fraud. Often too trusting or hesitant to ask questions or express skepticism, this demographic easily falls prey to schemes to defraud. Spoofing is another form of fraud that exploits these tendencies.

But, as the SEC warned in its bulletin, to protect against spoofing related to CDs, it is important for these investors to overcome the proclivity towards trust and hesitancy to ask questions. 

Therefore, investors should be skeptical. They should conduct internet searches about the financial institution to see if results appear other than the website that was initially identified and call the financial institution using a telephone number found from another source to determine the legitimacy of the investment opportunity. Moreover, investors should avail themselves of the publicly available resources (whether government, trade or private sector) to verify the claims made in suspicious websites. See SEC Bulletin, Beware of Spoofed Websites Offering Phony Certificates of Deposit – Investor Alert (Oct. 23, 2019) (here).

Freiberger Haber LLP
Copyright ©2022 Freiberger Haber LLP | Disclaimer
Attorney advertisement | Prior results do not guarantee a similar outcome.
425 Broadhollow Road, Suite 416, Melville, NY 11747 | (631) 574-4454
420 Lexington Avenue, Suite 300, New York, NY 10017 | (212) 209-1005
Attorney Website by Omnizant