Cyber criminals mimicking banks’ domains to fool customers, experts warn

Cyber criminals are using hundreds of domain names linked to UK banks to try to trick customers who misspell their web addresses, cyber security experts have warned.

Researchers from DomainTools discovered 324 high-risk domains mimicking major banks, which they said can be used for anything from phishing to pay-per-click ad abuse and ransomware distribution.

The criminals’ fraudulent addresses included natwesti[.]com, lloydstbs[.]com, bhsbc[.]com and standardcharterd[.]com – all designed to catch out unsuspecting users.

If a web user clicks on one of the addresses, malware may be downloaded to their computer or they may be fooled into handing over sensitive information, believing they are accessing a genuine site.

“Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains,” said Kyle Wilhoit, senior security researcher at DomainTools. “While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cyber criminals using the spoofed domain names for more malicious endeavours.

“Many will simply add a letter to a brand name, such as domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name.

“Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.

“Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else, and at an average of £12 per year per domain, this is a relatively cheap insurance policy.”

The researchers advised consumers to remain on their guard, watching out for swapped letters, added characters and extra dashes in the domains of sites they visit.
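The patterns named above (added characters, swapped letters, extra dashes, an added word such as "login") can be checked mechanically when a brand monitors new registrations. The sketch below is an added example, not DomainTools' code; the brand watchlist, the affix word list and the last four sample domains are assumptions constructed for illustration, and it also covers a dropped character, which standardcharterd[.]com shows.

```python
# Added example: flag look-alike registrations against a brand watchlist.
# BRANDS and AFFIXES are assumed lists, not taken from the article.
BRANDS = ["natwest", "lloydstsb", "hsbc", "standardchartered"]
AFFIXES = ["login", "secure", "online"]

def label_of(domain):
    """Return the left-most label of a plain or defanged domain, lower-cased."""
    return domain.replace("[.]", ".").lower().split(".")[0]

def classify(label, brand):
    """Name the typo pattern that turns `brand` into `label`, or None."""
    if label == brand:
        return None  # the genuine name
    flat = label.replace("-", "")
    if flat == brand:
        return "extra-dash"
    if any(flat in (w + brand, brand + w) for w in AFFIXES):
        return "added-word"
    # One character inserted anywhere in the brand.
    if len(label) == len(brand) + 1 and any(
            label[:i] + label[i + 1:] == brand for i in range(len(label))):
        return "added-character"
    # One character dropped from the brand.
    if len(label) == len(brand) - 1 and any(
            brand[:i] + brand[i + 1:] == label for i in range(len(brand))):
        return "omitted-character"
    # Two adjacent characters transposed.
    if len(label) == len(brand):
        d = [i for i in range(len(brand)) if label[i] != brand[i]]
        if (len(d) == 2 and d[1] == d[0] + 1
                and label[d[0]] == brand[d[1]] and label[d[1]] == brand[d[0]]):
            return "swapped-letters"
    return None

def flag(domains, brands=BRANDS):
    """Return {domain: (brand, pattern)} for each domain matching a pattern."""
    hits = {}
    for domain in domains:
        for brand in brands:
            pattern = classify(label_of(domain), brand)
            if pattern:
                hits[domain] = (brand, pattern)
                break
    return hits

# First four entries are quoted in the article; the rest are constructed.
OBSERVED = ["natwesti[.]com", "lloydstbs[.]com", "bhsbc[.]com",
            "standardcharterd[.]com", "hsbc[.]com", "hs-bc[.]com",
            "login-natwest[.]com", "example[.]org"]

if __name__ == "__main__":
    for domain, (brand, pattern) in flag(OBSERVED).items():
        print(f"{domain:26} resembles {brand!r}: {pattern}")
```

A match only says a name resembles a watched brand; whether it is hostile still needs a look at who registered it and what it serves.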

For more on the cyber squatting campaigns, see the DomainTools website.

