Cyber squatters mimic banks by registering hundreds of domain names designed to fool web users

Online banking customers are being warned to watch out for web addresses that may appear legitimate but are in fact fraudulent sites owned by cyber criminals. The domains are designed to look either superficially similar to legitimate sites or to anticipate common misspellings or typos.

According to researchers at DomainTools, 346 domains have been identified as “high risk”, and at least five of the UK’s biggest banks have been targeted:

  • HSBC: 110 domains
  • Barclays: 74 domains
  • Standard Chartered: 74 domains
  • NatWest: 66 domains
  • Lloyds: 22 domains

Registering domain names that are noticeably similar to existing sites is known as ‘cyber squatting’ or ‘domain squatting’. It is a common tactic in phishing campaigns, as the criminals hope to trick customers into mistaking their site for the authentic one and therefore providing login credentials or other personal details.

What to look out for

The spoofed domain names can, at first glance, be hard to spot. According to Kyle Wilhoit, senior security researcher at DomainTools, cyber criminals may “simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word, such as ‘login’ to either side of a brand name.”

Typical domains that DomainTools discovered include:

  • hsbc-direct.com
  • barclaysbank-uae.com
  • standardcharterd.com
  • natwestbnuk.com
  • lloydstbs.com

“Users should remember to carefully inspect every domain they are clicking on or entering in their browser,” Wilhoit said. “Also, ensure you are watching redirects when you are going from site to site.”

Other things users should look out for in potentially deceptive web addresses, according to DomainTools, include:

  • Dashes, such as in Face-book.com
  • Disguised letters, such as an uppercase ‘i’ in PayPaI.com
  • Jumbled letters, such as in YuoTube.com
  • Plural or singular forms of the domain, such as in Reuter.com or Rightmoves.co.uk

Preventing phishing attacks

This advice is helpful for reminding people and businesses that they need to remain cyber secure. However, these tips invariably come after a phishing campaign has already begun making the rounds. For many businesses, by the time they’ve received this advice, it’ll be too late.

That’s why it’s important to stay one step ahead of cyber criminals, and to make sure your staff are trained to recognise and respond to phishing attacks. IT Governance’s Phishing Staff Awareness Course provides real-life examples of phishing campaigns, as well as tips and best practices to equip them with everything they need to avoid falling victim.

Find out more about our Phishing Staff Awareness Course >>