A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars.

59-year-old Allen Giltman, of Irvine, California, pleaded guilty to charges that he and his co-conspirators built a network of fraudulent websites impersonating legitimate financial institutions.

According to a US Department of Justice (DOJ) press release, between 2012 and October 2020, Giltman and others created a series of at least 150 bogus websites that posed as real financial institutions.

Websites like saddleriveradvisors[dot]]net and sra-llc[dot]com were created to mimic the design, logos, and wording of a legitimate financial institution, Saddle River Advisors (saddleriveradvisors[dot]com).

As the DOJ describes, unwitting victims typically came across the fraudulent websites via internet searches, which displayed adverts alongside Google and Microsoft Bing search results. The victims were fooled into believing promises of higher than average rates of return on various types of investment opportunities.

Potential victims would then contact the fake financial institution via email or telephone, and be connected to Giltman.

Giltman would impersonate real FINRA broker-dealers, by using their names and details, and send duped investors false records claiming their funds had been invested in "private lending opportunities."

In reality, the stolen funds were moved to bank accounts around the world, including in Russia, Georgia, Hong Kong, and Turkey.

Collectively, the scheme is thought to have scammed over 70 people and stolen approximately US $50 million.

Many of those impacted were older adults investing their retirement savings.

Giltman was brought to justice in spite of his attempts to cover his tracks. He and his co-conspirators used VPNs, encrypted messaging apps, and prepaid cell phones to communicate with their victims. Furthermore, pre-paid gift cards were used to register the website domains used in the criminal scheme.

Giltman has now been sentenced to 87 months in prison. At an earlier hearing, he had been ordered to forfeit around US $100,000 as well as a few dozen pieces of jewellery and several luxury watches.

Incidents like this underline the importance for organisations to proactively register variants of their website domain to prevent spoofing by cybercriminals. Furthermore, investors would be wise to verify an investment website's legitimacy via WHOIS lookups and cross-check companies with regulatory databases.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.