Hackers are targeting some of Britain's biggest banks by creating copycat websites mimicking their branding, according to new research by security analysts DomainTools.
'Cybersquatting', as it's known, involves criminals buying domains that look legitimate but aren't quite the same as banks' official web addresses.
These dodgy websites are created to be used in phishing emails that attempt to trick victims into clicking on links and handing over personal details, but criminals are also relying on the typos we make in browsers.
Once on the fake website, fraudsters will try to get victims to type in personal details like usernames and passwords or trick them into downloading malware.
Banks being targeted
DomainTools analysed domains mimicking five of the UK’s biggest banks using a tool called PhishEye.
This allows people to search for existing and new domains that spoof brands, products and organisations, along with other names.
In total, the research found 324 ‘high-risk’ domains that contained the brand names.
HSBC was found to be one of the most heavily targeted, with 110 dodgy domains identified in the analysis.
DomainTools also uncovered 74 mimicking Barclays, the same number for Standard Chartered, at least 66 spoofing NatWest and 22 that appear similar to Lloyds.
Dodgy websites to watch out for
Here are some examples of the dodgy websites that were uncovered.
As you can see, scammers are using tweaks that aren't necessarily easy to spot.
Kyle Wilhoit, senior security researcher at DomainTools, explained: “Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name.
“Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”
What can banks do?
Cybersquatting is the act of registering a domain name with the intent of making money from a trademark that belongs to someone else.
But the trend has taken an even more sinister turn in the hands of hackers, and worryingly, spoof websites using a bank’s name can be purchased for as little as £12 a year.
Wilhoit commented: “Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains.
“While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cybercriminals using the spoofed domain names for more malicious endeavors.”
However, Wilhoit says banks should do more to curb the trend of cybersquatting.
He says: “Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants.
“It is better to lock down typo domains than to leave them available to someone else, and at an average of £12 per year per domain, this is a relatively cheap insurance policy.”
We spoke to HSBC about the issue. The bank said it does a lot of work to weed out dodgy websites, but there needs to be a balance, as some websites using the brand's name, like hsbc.org – a site for the Hunter Street Baptist Church – are genuine.
A spokesperson said: “It is an ongoing challenge for businesses across every industry to establish whether website domains that have been set up are for genuine or nefarious purposes.
“Security of our own website and our customers' details is of paramount importance which is why we have teams and external agencies using the latest technology to continuously monitor the internet for sites that can be an active threat to us or our customers, and we take timely and effective enforcement action.
“We would also advise customers to be mindful of the risk of phishing and different types of scam and to check our security centre for the latest advice including links to industry and government supported educational campaigns such as Take Five.”
How to keep safe
If you get an email claiming to be from your bank, be wary of clicking the links and check for suspicious web addresses by hovering over them.
DomainTools recommends these tips to spot a dodgy website address:
- Check for extra added letters in the domain, such as Yahooo[.]com
- Check for dashes in the domain name, such as Domain-tools[.]com
- Look out for ‘rn’ disguised as an ‘m’, such as modem[.]com versus modern[.]com
- Check for reversed letters, such as Domiantools[.]com
- A plural or singular form of the domain, such as Domaintool[.]com
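The five tips above, plus Wilhoit's pattern of a word such as ‘login’ glued onto a brand, can be turned into the kind of registration monitoring he recommends. The Python below is an added example, not code from the article or from DomainTools; the brand list and the defanged sample feed are constructed from the article's own examples.

```python
# Brand labels taken from the article's own examples (constructed list for this demo).
BRANDS = ["domaintools", "yahoo", "modem"]
# Constructed sample of newly seen registrations, defanged with '[.]' as in the article.
SAMPLE_FEED = ["yahooo[.]com", "domain-tools[.]com", "modern[.]com", "domiantools[.]com",
               "domaintool[.]com", "login-domaintools[.]co[.]uk", "domaintools[.]com"]


def labels(domain):
    """Lowercase, undo the '[.]' defanging and drop the TLD, keeping every other label."""
    parts = domain.lower().replace("[.]", ".").strip(".").split(".")
    return parts[:-1] if len(parts) > 1 else parts

def match_reason(label, brand):
    """Name the tip a label trips for this brand, or None if it is exact or unrelated."""
    if label == brand:
        return None  # the brand itself, not a typo variant
    # Tip 2 first: deleting the dash would otherwise also satisfy tip 1
    if "-" in label and label.replace("-", "") == brand:
        return "dash inserted"
    # Tip 1: one extra character anywhere (yahooo -> yahoo)
    if any(label[:i] + label[i + 1:] == brand for i in range(len(label))):
        return "extra letter"
    # Tip 3: 'rn' read as 'm' (modern vs modem); normalise both sides before comparing
    if label.replace("rn", "m") == brand.replace("rn", "m"):
        return "rn/m homoglyph"
    # Tip 4: two adjacent letters swapped (domiantools -> domaintools)
    if any(label[:i] + label[i + 1] + label[i] + label[i + 2:] == brand
           for i in range(len(label) - 1)):
        return "transposed letters"
    # Tip 5: plural or singular form (domaintool vs domaintools)
    if label + "s" == brand or brand + "s" == label:
        return "plural/singular"
    # Wilhoit's pattern: a word such as 'login' glued to either side of the brand
    if brand in label:
        return "brand plus affix"
    return None

def scan(domains, brands=BRANDS):
    """Map each flagged domain to (brand, reason); domains that trip no tip are omitted."""
    hits = {}
    for domain in domains:
        for label, brand in ((l, b) for l in labels(domain) for b in brands):
            reason = match_reason(label, brand)
            if reason:
                hits[domain] = (brand, reason)
                break
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_FEED))
```

Exact brand labels are deliberately not flagged, since cases like the church at hsbc.org show that deciding whether such a registration is genuine needs a human review rather than a string test.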
Another way to ensure you never end up on a dodgy site is to bookmark your bank’s website rather than risk accidentally using a typo that leads you to a website set up by cybersquatters.