
Bank brands under attack from typo cybersquatters

03 May 2017

Be careful when typing in that bank domain. Research has uncovered over 300 websites bearing the brand names of the UK's five largest banks that attempt to trick fat-fingered consumers into thinking that they've landed on a legitimate site.

In total, DomainTools unearthed 324 websites - 110 fake HSBC sites, 74 each for Barclays and Standard Chartered, 66 for Natwest and 22 for Lloyds. Web addresses including hsbc-direct.com, barclaya.net, barclays-supports.com and lloydstsbs.com were all found to be owned by third parties rather than the banks themselves.

Domains masquerading as legitimate UK bank websites are often used by hackers to trick customers into handing over personal details or login information, or to automatically download malware onto consumer machines.

Kyle Wilhoit, senior security researcher at DomainTools, says many of the fake sites will simply add a letter to a brand name, while others will add letters or an entire word such as ‘login’ to either side of a brand name.

“Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants,” he says. “It is better to lock down typo domains than to leave them available to someone else, and at an average of £12 per year per domain, this is a relatively cheap insurance policy.”
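The variant patterns Wilhoit describes (an added or swapped letter, or a word attached to the brand) can be checked against a feed of newly registered domains. This is an added example, not code from the article or from DomainTools: the brand list and four sample domains come from the article, while the allowlist, the function names and the `barclaya-login.com` and `example.org` samples are assumptions constructed for illustration, and the input is assumed to be registered domains without subdomains.

```python
# Added example: flag look-alike registrations for a watched brand list.
BRANDS = ["hsbc", "barclays", "standardchartered", "natwest", "lloyds"]
ALLOW = {"hsbc.co.uk", "barclays.co.uk"}  # assumed allowlist of bank-owned domains


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brands=BRANDS, allow=ALLOW):
    """Return (brand, kind, extra) for a look-alike domain, or None."""
    domain = domain.strip().lower().rstrip(".")
    if domain in allow:
        return None
    label = domain.split(".")[0]  # registrable label, e.g. "hsbc-direct"
    for brand in brands:
        if label == brand:  # brand registered under another TLD
            return (brand, "same-label", "")
        if edit_distance(label, brand) == 1:  # one letter added, dropped or swapped
            return (brand, "typo", "")
        if brand in label:  # word or letters attached to either side
            return (brand, "affix", label.replace(brand, "", 1).strip("-"))
        tokens = label.split("-")
        for tok in tokens:  # misspelt brand combined with an extra word
            if edit_distance(tok, brand) == 1:
                rest = "-".join(t for t in tokens if t is not tok)
                return (brand, "typo+affix", rest)
    return None


def scan(feed):
    """Map each flagged domain in the feed to its classification."""
    hits = {}
    for domain in feed:
        result = classify(domain)
        if result:
            hits[domain] = result
    return hits


# Constructed feed: four domains named in the article plus three made-up entries.
FEED = ["hsbc-direct.com", "barclaya.net", "barclays-supports.com",
        "lloydstsbs.com", "barclaya-login.com", "example.org", "hsbc.co.uk"]
```

Short brands such as `hsbc` will match unrelated four-letter labels at distance 1, so hits from a check like this are candidates for review rather than confirmed abuse.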

Comments: (2)

Melvin Haskins - Haston International Limited | 03 May, 2017, 11:52

It should not be beyond the realms of possibility for the domain issuers to ask what the domain is to be used for when it is obviously being established to carry out fraud.

Hitesh Thakkar - FIS Payments Software and Services India - India | 03 May, 2017, 13:35

E-mail phishing used by cyberhackers steals user IDs and passwords using those similar typo domains with a brilliant combination of brand and logo usage for so many years.

Even the login page looks alike for bank customers landing on it.

The solution suggested, "£12 per year per domain", is not a panacea to the issue. It is like controlling dam water downstream after free flow.

Why can it not be controlled at apex level, i.e.

1. A central registry of websites being built by the regulator in the respective country, wherein each bank has to register its domain name.

2. On registration, this registry will build a unique tiny banner which will float on the bank's URL.

3. The bank has to educate customers to look for such a banner for authenticity before login, to avoid e-mail phishing and other such techniques.

4. Paying a fixed fee per year is worth it rather than spending on those type domains.

 
