Cyprus's financial regulator is warning investors about fraudulent websites that target people who've already lost money to investment scams, pretending to help recover their funds while actually collecting personal information for further fraud.

Scammers Target Fraud Victims With Fake Recovery Sites

The Cyprus Securities and Exchange Commission (CySEC) identified six specific malicious sites: getyourmoneyback.ltd, getyoursback.org, theystole.net, chargebackinternational.com, chargebackme.com, and chargebackmoney.biz. The regulator suspects more similar sites exist that haven't been discovered yet.

“These malicious websites are advertised online and on social media, mainly targeting people who have been victims of online fraud,” CySEC commented in the press release. “They collect personal and financial information from investors through websites, emails and/or phone calls.”

The scammers go as far as impersonating CySEC officers, using email addresses that look similar to the regulator's official domain. They promise to help recover losses from both regulated and unregulated investment firms, but the whole operation is designed to extract more money and information from vulnerable victims.

Recovery Frauds Growing More Common

The warning from CySEC addresses what's known as recovery fraud - a situation where someone tries to scam people who've already been scammed once before. CySEC has been issuing warnings about similar activities for years, just like regulators in various other parts of the world.

A few months ago, FinanceMagnates.com reported on a case investigated by Europol where investment scammers earned $20 million by attacking the same victims not twice, but three times over.

Fraudsters often impersonate the UK's FCA, one of the most popular and active regulators in the investment and financial environment. Meanwhile, at the end of 2023, Polish traders lost millions of zloty in recovery scams involving fake law firms that hunted FX and crypto investors.

Red Flags Investors Should Know

CySEC emphasized several key points that should immediately raise suspicion. The regulator never makes unsolicited phone calls or sends random correspondence to individuals. It doesn't request personal, financial, or other sensitive information through cold outreach.

Anyone receiving communication claiming to be from CySEC should verify its authenticity by emailing [email protected] before taking any action. Real CySEC emails always end with the official domain cysec.gov.cy, though fraudsters have figured out ways to disguise their addresses to look legitimate.

The regulator has zero authority to collect fees from individual investors for any reason, nor can it appoint others to do so on its behalf. CySEC doesn't authorize, verify, monitor, or participate in class actions, compensation schemes, or payments between individuals or organizations.

Double Victimization Problem

This type of fraud represents a particularly cruel form of double victimization. People who've already lost money to investment scams often feel desperate to recover their funds, making them prime targets for these fake recovery services.

The emotional and financial vulnerability of previous fraud victims makes them more likely to fall for promises of help, especially when the scammers impersonate official regulatory bodies. These operations exploit the trust people place in government institutions designed to protect them.

CySEC regularly publishes warnings about unregulated entities and impersonation attempts on its official website. The regulator also maintains an investor guide specifically focused on spotting and avoiding various types of financial scams.

The watchdog urged the public to stay alert for any unsolicited communication claiming CySEC affiliation and to never send money to anyone claiming to represent the organization.