Beware Scammers Imitating Bank Websites

Uploaded on 2024-04-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Thousands of lookalike websites are being set up to trick innocent customers and around 2,000 websites that appear to imitate UK banks were detected last year. These copycat websites play a crucial role in impersonation scams.

Fraudsters use details, such as account numbers, collected from unsuspecting bank customers to later con those same people into sending them money, often by posing as bank staff.

Although banks attempt to get lookalike websites taken down, the number being registered, and sometimes inadequate response from the firms that register domains, means they're up long enough to find victims.

To understand the scale of the problem of copycat bank websites, the consumer advice service Which? joined with the DNS Research Federation (DNSRF), an Oxford-based institute that does data-driven policy research on domain names and Internet governance.

These are lists of websites that have been reported as hosting illegal content. If you attempt to view blacklisted sites you’ll typically see a stern warning on your browser not to proceed as the site is phishing or contains malware (software that can damage or steal data).

Which supplied DNSRF with a list of the major UK banking brands, and it scoured a specialist phishing blocklist for sites reported in 2023 that had the names of those brands somewhere in their web address (the URL) to take one copycat example ‘helphsbc.net’.

Which specifically enquired about AIB (Allied Irish Bank), Barclays, Bank of Scotland, The Co-Operative Bank, Danske Bank, First Direct, HSBC, Halifax, Lloyds, Metro Bank, Monzo, Nationwide, NatWest, RBS, Santander, Starling, TSB, Ulster Bank and Virgin Money/Clydesdale.

The DNSRF found that more than 2,000 URLs containing our specified UK bank brands were reported to a phishing blocklist in 2023. The affected banks were Barclays, HSBC, Halifax, Lloyds, Monzo, Nationwide, NatWest, Santander and Starling.

The majority of sites in the raw data look like blatant attempts to lead bank customers astray, with  Santander and Lloyds Bank being just two examples of this kind of copycat website.

DNSRF also examined another bloacklist, run by Scamadviser.com, from 2023. In this case, it extracted data on URLs containing our specified bank brand names which had a ‘trustscore’ of less than 50 out of 100. Which researchers found more than 2,000 URLs containing the names of the specified brands. Copycats accurately simulated the same brands as in the phishing blocklist.

A Weak Link In The Fight Against Fraud

You might wonder why it is that anybody can register a domain that looks like a blatant attempt at impersonating a bank. In the early days of the internet, domains were being registered at such high volumes that it was felt to be impossible to conduct detailed checks on those buying them. Therefore the domains industry operated - and continues to operate - on a first-come-first-served basis.

However, the volume of domains being sold has dropped significantly since that time, and it’s arguable that greater checks could be put in place today. To set up a copycat website, fraudsters need to use a domain registrar. To take one down, you need to contact a web hosting company.

Many companies do both, although there is no formal regulation of this, while the UK government is currently consulting on new powers to seize domains being used for criminal purposes.

One of the barriers to change has been the enormous complexity of the industry, which involves a plethora of domain registrars, resellers and hosting companies from the very large, such as GoDaddy, to the very small and obscure, many based outside the UK.

To protect yourself when banking online, Which recommends the following: 

  • Use trusted details:    It’s always safest to avoid clicking on links or calling numbers contained in emails, texts and instant messages. Instead, try to go direct by finding the authentic phone number and website on your bank card or statement. Contact your bank to query any unusual requests.
  • Don’t ignore warnings:    Pay attention to warning screens on your browser. Antivirus software can also warn you about suspicious websites and scan downloads. 
  • Check a site’s birthday:   You can use a domain lookup service such as Who.is to see when a site has been registered. A major bank wouldn’t have a website registered last month. These services will also show you an ‘abuse’ email address for reporting the rogue site to its hosting company. Scam sites can also be reported to the National Cyber Security Centre.

If you've a victim of onine fraud in the United Kingdom, you are strongly advised to report it to Action Fraud 

Which     |     DNS Research Foundation

Image: jpkirakun

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

« The Changing Role Of The CISO 
Helping CISOs Embrace Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Tugboat Logic

Tugboat Logic

Tugboat Logic was created to address the skills and expertise gap in the security and compliance industry. Our goal is to simplify and automate information security management for every enterprise.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.