Home / Blogs

Can We Get More Eyes on Britain’s Largest Scam “Watch List”?

Co-authored by Dimitris Dimitriadis and David Barnett.

The FCA has been naming and shaming financial scam domains for decades. Its “warning list” is probably one the most extensive databases of its kind.

But does it do a good enough job of actually warning people?

Let us begin with the FCA website, which would not exactly get full points for user-friendliness: locating the “watch list” is a task in and of itself, to say nothing of consulting and scrutinising it. Incidentally, the consumer watchdog Which? has previously urged that the FCA make its data more accessible including via an API. (They have not.)

That would help, but it wouldn’t solve the problem. And given the majority of people targeted by scams are not journalists or brand protection specialists, it’s fair to assume they wouldn’t necessarily bother with the warning list in the first place. Many, unfortunately, would only look up a company or individual after being scammed, at which point they come across the handy watch list. In which case, the purpose of the list ends up becoming confirmatory as opposed to precautionary, which, at the very least, does not quite live up to its name.

To put an even finer point to it, a warning list is only as good as its ability to, well, warn. People will be inclined to conduct the least amount of due diligence possible (or less) even when or perhaps especially when it comes to scam propositions, which are not known for their tendency to give prospects as much time and space as possible to carefully weigh their options and come to a sober decision.

The least amount of due diligence may look like this: I come across a domain, and I type either the domain itself in inverted commas (”...”) or the name of the business or individual into Google or some combination of the two. Now, if that domain/business/individual is on the FCA’s warning list, that entry will almost certainly come up on Google and most likely will be one of the first results.

Most blacklisted domains won’t even remain active to experience this effect. It’s unclear how many of those domains actually get taken down via intervention. It’s more likely that most domains get taken down by their owners relatively quickly, given the reputational hit they’ve sustained. From a sample of 4,000 domains we analysed—which we extracted from said warning list—fewer than 10 percent were still up, and of those, many more would be expected to go down within weeks or months once their presence on the blacklist becomes evident.

What of those that do persist? We mentioned ‘the least amount of due diligence.’ Well, what if there’s no due diligence at all? What if a person just clicks on a website and they happen to like what they see? You’d hope that say, the search engine or browser would give this person some sort of warning—assuming that the search engine knows this domain to be a scam or is very likely to be a scam and assuming, of course, that such data is publicly available and comes from a credible regulatory body. Granted, that’s a lot of assuming, but luckily for the search engines—and the rest of us enthusiasts—the FCA makes this data available (see the warning list). However, when we took a sample of one hundred live scam domains from said list, for some reason, virtually none seemed to have an unsafe warning attached to them. That is even though they would presumably meet Google’s definition of “suspicious” or “deceptive.” This indicates a possible failure or omission of ‘fraudcasting’ on the part of the FCA: that is, where a trusted provider pushes out feeds of known scam sites to the search engines.

Some of the scam sites that persist have another feature in common. Many of them seem to be part of any of a number of “clusters” of related websites built on a common template. This indicates, essentially, the use of a SaaS product, that is, Scam-as-a-Service. The premise of the business model is that scammers are inherently lazy, and they’d like nothing more than the ability to use a ready-made template and load it with often identical, copy-pasted content. Different URL, same content.

We detected tens of template clusters, each of which featured anywhere between a few to hundreds of URLs. How we detected those clusters is by using DomainCrawler‘s platform to extract HTML tags (meta description and h1)—bits of code that are replicated verbatim across a large number of domains. In our case, we noticed that the longer and more detailed those meta-tags, the more likely the query would return useful results and fewer false positives. A good example of a useful meta-tag query would be: “Trade with confidence on the world’s leading social trading platform.” A bad example would be: “Welcome to our bank” or “Financial.”

What’s more surprising than the presence of these template clusters is that, in many cases, only a fraction of them were on the warning list. And assuming at least some of those sites may be targeting UK customers, the FCA should be in a position to identify those proactively (and filter out false positives).

From a mere peek into the data—and some preliminary analysis—it, therefore, seems that the FCA “warning list” could, with a few simple and easy wins, go much further in terms of actually warning the (non due-diligent practising) public. It could also, it seems, proactively identify lazy clusters of scam sites that rely on the same template.

By Dimitris Dimitriadis, Investigative Journalist & Researcher

Filed Under


Theo Geurts  –  Dec 12, 2023 12:29 AM

Indeed that list could be more user-friendly and easier to parse.

The amount of financial scams is just staggering. And a lot of it flies under the radar.

Another issue is that LEAs have a hard time combatting these fraudsters.


A lot of the financial scams we see originate from Asia and certain countries in Africa where the number of financial scams triples each year.

It seems that criminal gangs are now rapidly expanding in South America.
While the average impact on a BEC victim is 77.000 dollars, these financial scams seem to have a much larger impact per victim. Often we get reports that people claim losses over 1 million dollars.


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign


Sponsored byVerisign