Australia's corporate regulator is building a public list of the website addresses used by licensed financial firms, giving consumers a way to tell a real broker or super fund apart from a scam clone.
The Australian Securities and Investments Commission (ASIC) said today (Wednesday) it is collecting the web addresses of Australian financial services licensees and publishing them on its Professional Registers Search, a free database anyone can check.
The move targets a problem that has grown alongside online investing. Criminals increasingly copy the names, license numbers and websites of genuine licensees to stand up fake sites and run investment scam ads that look authentic, according to the regulator.
A Whitelist Approach After Years of Takedowns
This is a shift in tactics. For the past two years ASIC has focused on tearing scam sites down, removing more than 10,000 fraudulent pages at a clip of around 130 a week under a takedown capability launched in 2023.
Publishing a verified list of legitimate addresses flips that logic. Rather than chasing fakes after they surface, the regulator wants to give the public a reference point for what the real thing looks like.
- A 'Record Penalty': USGFX, EuropeFX and TradeFred to Pay AU$300M for ‘Egregious’ CFD Offerings
- ASIC Hands Euroclear a May 2027 Deadline to Get Australian
- Are Crypto Investors More Vulnerable to Scams? ASIC's Warning Indicates So
More than 6,500 licensees have been invited to submit their website details since the program started in early May, ASIC said. It aims to load most of the addresses within the coming months.
The register will show a licensee's principal website and any additional sites, whether a firm operates no website at all, or whether it has not yet handed over its details, according to the regulator. Consumers can search by company name, ABN, ACN or license number.
ASIC has been pushed in this direction partly by repeated impersonation of its own brand. The watchdog warned in October that scammers were cloning its Moneysmart consumer site to harvest personal details.
Since late 2023, roughly 20% of new Moneysmart investor alert listings have involved someone impersonating a licensee, an authorized representative or a registered company.
Regulators Worldwide Lean on Their Own Registers
ASIC is not the only regulator pointing consumers back to an official register as the first line of defense. The approach has become a standard counter to clone firms, fraudsters who lift the name, registration number and address of an authorized business to look legitimate.
In the United Kingdom, the Financial Conduct Authority routinely tells investors to check its Financial Services Register and has issued a steady run of clone alerts naming real brands. It flagged a clone impersonating the listed broker XTB, warning the public to verify a firm's credentials before sending any money.
Europe offers more aggressive versions of the same idea. Regulators in Cyprus, Spain and Italy publish blacklists of fraudulent and cloned sites, and Italy's Consob can block access to them at the domain level.
ASIC borrowed from that playbook last year when it gained the power to pull investment scam ads from social media.
What sets the new register apart is the direction of travel. Most of those programs catalog the bad actors, while ASIC is trying to assemble a complete inventory of the good ones.
The wager is that a verified whitelist is harder for scammers to defeat than a blacklist that is always a step behind the next domain.
Compulsory Powers on the Table
Participation is voluntary for now, and ASIC has signaled that could change.
"We may consider using compulsory powers to achieve a complete register, if required," ASIC Commissioner Alan Kirkland said.
The regulator is also leaning on public pressure, encouraging consumers to ask any licensee whose address is missing why it has not signed up.
Authorized representatives are not covered by the initiative, though licensees can post their own verification information for them.
ASIC's record suggests it is willing to escalate. The regulator took down more than 2,500 investment scam and phishing sites in the first months after launching its takedown unit, and the volume has climbed steadily since.
Scam Losses Top A$248 Million in a Quarter
The numbers behind the push are sizable. Scamwatch and ReportCyber logged a combined 60,657 scam reports in the first three months of 2026, with reported losses of A$248.3 million, according to ASIC.
The agency's broader enforcement load has grown too, with the watchdog removing nearly 7,000 scam sites as actions jumped 50% in its last reporting year.
Alongside the register, ASIC has rolled out online resources for businesses that have been impersonated, pulling its scam alerts, disruption work and enforcement records into one place.
Whether the list dents those losses will hinge on how many firms take part and how widely consumers and platforms actually use it. ASIC said it wants digital and social media platforms to fold the register into how they vet financial advertising, a step that would push its reach well beyond individual investors checking a site by hand.
