Hackers cyber-squat hundreds of UK bank domains to trick web users

News by Danielle Correa

DomainTools discovers more than 300 fake websites fooling customers into thinking they're clicking on top UK bank websites.

DomainTools has uncovered 324 fake websites that appeared to be owned by five major UK banks, but were not. Researchers found 110 fake HSBC sites, 74 fake sites each for Barclays and Standard Chartered, 66 for NatWest and 22 for Lloyds.

Hackers often deceive customers into handing over personal details or login information by using domains disguised as legitimate websites, a tactic commonly carried out through domain squatting. Cyber-squatting, or domain squatting, means registering a domain name to profit from a trademark that belongs to someone else. The domains are often used to redirect victims to scams such as phishing email campaigns, pay-per-click ads and for-profit survey sites, or to more nefarious content such as ransomware or other forms of drive-by malware.

Out of the 324 domains that were identified as high risk and owned by third parties instead of the banks, some examples included hsbc-direct.com, barclaya.net, lloydstsbs.com, natwesti.com and standardcharterd.com.

“Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains. While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cyber-criminals using the spoofed domain names for more malicious endeavours,” said Kyle Wilhoit, senior security researcher at DomainTools in a news release.

“Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name,” Wilhoit said in regard to the patterns found in these types of domains. “Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”

To avoid falling for a fake website, consumers should:

  • Check for extra added letters in the domain, such as Gooogle.com

  • Check for dashes in the domain name, such as Face-book.com

  • Look out for “rn” disguised as an “m”, such as modem.com versus modern.com

  • Check for reversed letters, such as Yuotube.com

  • Check for a plural or singular form of the domain, such as Domaintool.com
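
The checklist above expressed as detection logic, as an added example that is not part of the original article: it compares a domain's first label against a brand list and names the pattern that matches. The brand labels, the function names and the "missing letter", "substituted letter" and "word added" categories are assumptions that extend the list to cover the article's own examples such as standardcharterd.com, barclaya.net and hsbc-direct.com.

```python
# Added example: the article's checklist as heuristics. Brand labels are assumed;
# input is assumed to be a registrable domain such as "name.tld" (no subdomain).
BRANDS = ["hsbc", "barclays", "standardchartered", "natwest", "lloyds"]

def drop_one(s):
    """All strings obtained by deleting exactly one character from s."""
    return {s[:i] + s[i + 1:] for i in range(len(s))}

def rn_m_variants(s):
    """Single-position swaps of 'rn' -> 'm' and 'm' -> 'rn'."""
    out = set()
    for i in range(len(s)):
        if s[i:i + 2] == "rn":
            out.add(s[:i] + "m" + s[i + 2:])
        if s[i] == "m":
            out.add(s[:i] + "rn" + s[i + 1:])
    return out

def classify(domain, brands=BRANDS):
    """Return (brand, reason) if the domain resembles a brand, else None."""
    label = domain.lower().split(".")[0]
    for brand in brands:
        if label == brand:
            continue  # same label; who owns that TLD is a separate check
        if label.replace("-", "") == brand:
            return brand, "dash inserted"
        if label in (brand + "s", brand[:-1] if brand.endswith("s") else None):
            return brand, "plural/singular form"
        if label in rn_m_variants(brand):
            return brand, "rn/m lookalike"
        if brand in drop_one(label):
            return brand, "extra letter"
        if label in drop_one(brand):
            return brand, "missing letter"
        if len(label) == len(brand):
            diff = [i for i in range(len(brand)) if label[i] != brand[i]]
            if len(diff) == 1:
                return brand, "substituted letter"
            if (len(diff) == 2 and diff[1] == diff[0] + 1
                    and label[diff[0]] == brand[diff[1]]
                    and label[diff[1]] == brand[diff[0]]):
                return brand, "reversed letters"
        if brand in label:
            return brand, "word added around brand"
    return None

if __name__ == "__main__":
    for d in "hsbc-direct.com barclaya.net lloydstsbs.com natwesti.com".split():
        print(d, "->", classify(d))
```

Short brand labels will produce false positives on the substring check, so matches are candidates for review rather than verdicts.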

“Of course there are some companies that monitor for these domains, but many either don't fully understand the risk or don't see it as a high enough priority as they rely on their security products to catch these domains. Some companies also think that it is easier to act after the fact, using their internal legal team to file requests to take down the domains. However, it really is much better to catch these domains at the source and take them down before any damage is caused,” Wilhoit told SC Media UK.

“Organisations affected by cyber-squatting can leverage (in the US at least) the Anti-cybersquatting Consumer Protection Act (ACPA). In court, I've seen ACPA used more successfully for sites that were re-directing to malware, as opposed to just someone registering and using for whatever scheme they're running. Additionally, organisations internationally can use ICANN's Uniform Domain Name Dispute Resolution Policy (UDRP).”
