Hackers cybersquatting on hundreds of UK bank domains
Cybersquatters have wormed their way onto hundreds of websites and are tricking web users into thinking they’re clicking on to UK high street bank websites.
According to research by DomainTools, a DNS-based cyber threat intelligence firm, it found 324 registered domains using the trademarked names of five of the UK’s top high street banks – namely Barclays, HSBC, Natwest, Lloyds and Standard Chartered. Domains masquerading as legitimate UK bank websites are often used by hackers to trick customers into handing over personal details or login information.
Kyle Wilhoit, senior security researcher at DomainTools, says: “Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains. While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.”
The tricks include phishing email campaigns, pay per click ads (often for competitors’ services), for-profit survey sites and affiliate program abuse, or more nefarious content like ransomware and drive-by download campaigns.
The DomainTools research team analysed domains mimicking those five banks using its PhishEye tool. Some examples include:
- natwesti[.]com
- natwestbusinessbanking[.]co.uk
- lloydstbs[.]com
- hsbcgrp[.]com
- bhsbc[.]com
- barclaysbank-plc[.]co.uk
- wealthbarclays[.]co.uk
- standardchartered-bank[.]com
- standardcharteredbanks[.]com
- standardcharterd[.]com
- xtandardchartered[.]com
Wilhoit adds: “Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”
Let’s be careful out there fintech folks. Be pure, be vigilant, behave.