Bank brands under attack from typo cybersquatters

Be careful when typing in that bank domain. Research has uncovered over 300 Websites bearing the brand names of the UK's five largest banks that attempt to trick fat-fingered consumers into thinking that they've landed on a legitimate site.

2 comments

Bank brands under attack from typo cybersquatters

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In total, DomainTools unearthed 324 websites - 110 fake HSBC sites, 74 for each Barclays and Standard Chartered, 66 for Natwest and 22 for Lloyds. Web addresses including hsbc-direct.com, barclaya.net, barclays-supports.com and lloydstsbs.com were all discovered as being owned by third parties rather than the banks themselves.

Domains masquerading as legitimate UK bank websites are often used by hackers to trick customers into handing over personal details or login information, or to automatically download malware onto consumer machines.

Kyle Wilhoit, senior security researcher at DomainTools says many of the fake sites will simply add a letter to a brand name, while others will add letters or an entire word such as ‘login’ to either side of a brand name.

“Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants," he says. "It is better to lock down typo domains than to leave them available to someone else and at an average of £12 per year per domain, this is a relatively cheap insurance policy.”

Sponsored [Webinar] The Automation Imperative in Asset Servicing

Related Company

Comments: (2)

Melvin Haskins

Melvin Haskins Managing Director at Haston International Limited

It should not be beyond the realms of possibility for the domain issuers to ask what the domain is to be used for when it is obviously being established to carry out fraud.

Hitesh Thakkar

Hitesh Thakkar Technology Evangelist (Financial Technology) at SME - Fintech startups (APAC and Africa)

E-mmail Phishing used by Cyberhackers steal user ID and Password using those similer typo domain wiith brilliant combination of brand, logo usage for so many years.

Even login page also looks alike for bank customers landing into it.

Solution suggestd"£12 per year per domain" is not peancea to the issue. It is like controlling dam water downstream after free flow. 

Why it can not be controlled at Apex level i.e.

1. central registry of website being build by regulator in respective country where in each bank has to register it's domain name.

2. On registration, this registry will build unique tiny banner which will float on Bank's URL.

3. Bank has to educate customer to look for such banner for authenticity before login to avoid those e-mail phishing and other such technique.

4. Paying per year fix fee is worth rather than spending on those type domains.

 

[OD Webinar] Reimagine Banking: How to effectively modernise your core and de-risk at the same timeFinextra Promoted[On-Demand Webinar] Reimagine Banking: How to effectively modernise your core and de-risk at the same time