Beware Scammers Imitating Bank Websites

Uploaded on 2024-04-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Thousands of lookalike websites are being set up to trick innocent customers and around 2,000 websites that appear to imitate UK banks were detected last year. These copycat websites play a crucial role in impersonation scams.

Fraudsters use details, such as account numbers, collected from unsuspecting bank customers to later con those same people into sending them money, often by posing as bank staff.

Although banks attempt to get lookalike websites taken down, the number being registered, and sometimes inadequate response from the firms that register domains, means they're up long enough to find victims.

To understand the scale of the problem of copycat bank websites, the consumer advice service Which? joined with the DNS Research Federation (DNSRF), an Oxford-based institute that does data-driven policy research on domain names and Internet governance.

These are lists of websites that have been reported as hosting illegal content. If you attempt to view blacklisted sites you’ll typically see a stern warning on your browser not to proceed as the site is phishing or contains malware (software that can damage or steal data).

Which supplied DNSRF with a list of the major UK banking brands, and it scoured a specialist phishing blocklist for sites reported in 2023 that had the names of those brands somewhere in their web address (the URL) to take one copycat example ‘helphsbc.net’.

Which specifically enquired about AIB (Allied Irish Bank), Barclays, Bank of Scotland, The Co-Operative Bank, Danske Bank, First Direct, HSBC, Halifax, Lloyds, Metro Bank, Monzo, Nationwide, NatWest, RBS, Santander, Starling, TSB, Ulster Bank and Virgin Money/Clydesdale.

The DNSRF found that more than 2,000 URLs containing our specified UK bank brands were reported to a phishing blocklist in 2023. The affected banks were Barclays, HSBC, Halifax, Lloyds, Monzo, Nationwide, NatWest, Santander and Starling.

The majority of sites in the raw data look like blatant attempts to lead bank customers astray, with  Santander and Lloyds Bank being just two examples of this kind of copycat website.

DNSRF also examined another bloacklist, run by Scamadviser.com, from 2023. In this case, it extracted data on URLs containing our specified bank brand names which had a ‘trustscore’ of less than 50 out of 100. Which researchers found more than 2,000 URLs containing the names of the specified brands. Copycats accurately simulated the same brands as in the phishing blocklist.

A Weak Link In The Fight Against Fraud

You might wonder why it is that anybody can register a domain that looks like a blatant attempt at impersonating a bank. In the early days of the internet, domains were being registered at such high volumes that it was felt to be impossible to conduct detailed checks on those buying them. Therefore the domains industry operated - and continues to operate - on a first-come-first-served basis.

However, the volume of domains being sold has dropped significantly since that time, and it’s arguable that greater checks could be put in place today. To set up a copycat website, fraudsters need to use a domain registrar. To take one down, you need to contact a web hosting company.

Many companies do both, although there is no formal regulation of this, while the UK government is currently consulting on new powers to seize domains being used for criminal purposes.

One of the barriers to change has been the enormous complexity of the industry, which involves a plethora of domain registrars, resellers and hosting companies from the very large, such as GoDaddy, to the very small and obscure, many based outside the UK.

To protect yourself when banking online, Which recommends the following: 

  • Use trusted details:    It’s always safest to avoid clicking on links or calling numbers contained in emails, texts and instant messages. Instead, try to go direct by finding the authentic phone number and website on your bank card or statement. Contact your bank to query any unusual requests.
  • Don’t ignore warnings:    Pay attention to warning screens on your browser. Antivirus software can also warn you about suspicious websites and scan downloads. 
  • Check a site’s birthday:   You can use a domain lookup service such as Who.is to see when a site has been registered. A major bank wouldn’t have a website registered last month. These services will also show you an ‘abuse’ email address for reporting the rogue site to its hosting company. Scam sites can also be reported to the National Cyber Security Centre.

If you've a victim of onine fraud in the United Kingdom, you are strongly advised to report it to Action Fraud 

Which     |     DNS Research Foundation

Image: jpkirakun

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

« The Changing Role Of The CISO 
Helping CISOs Embrace Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMi Level 3 certified Global Consulting and IT Security Services company.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.