Further proof that cyber-attacks affect everyone – even big business.
It has been discovered that 324 fake websites have been masquerading as top UK banks including Barclays, HSBC, Natwest, Lloyds and Standard Chartered. These domain replications are often set up by hackers to trick unsuspecting users into giving away usernames, passwords and other sensitive information.
These fake websites contain subtle differences in the addresses, such as a single altered letter. Real examples of these include barclaya.net, lloydstsbs.com, and hsbc-direct.com. This highlights the constantly increasing importance of being alert and having basic cyber awareness.
The discovery was made by DomainTools, a provider of DNS research tools, which broke the findings down by the number of fake websites per bank. HSBC was impersonated in 110 instances, Barclays and Standard Chartered in 74 each, Natwest in 66, and Lloyds in 22.
This form of malicious cyber activity has been given the name ‘cybersquatting’, and it can be simply defined as the registering of a domain name with the intention of exploiting a trademark for monetary gain.
Connected to this criminal scheme are other forms of current, prominent cyber-attacks such as phishing email campaigns, which attempt to lure users toward the fake site. Scams involving pay-per-click ads have also been implemented in some instances.
Kyle Wilhoit, senior security researcher at DomainTools, said: “Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains. While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.”
The simplicity of the alterations made in fake domains highlights the huge importance of being alert and having basic cyber awareness to prevent a security breach.
“Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”
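For defenders triaging newly observed domains, the two alteration patterns described above (a single changed or added letter, and extra letters or a word on either side of the brand) can be checked automatically. The sketch below is an added example, not DomainTools' method: the brand list is taken from the names in this article, while the function names and matching rules are assumptions.

```python
# Added example: brand labels come from the article; the matching rules are assumptions.
BRANDS = ["barclays", "hsbc", "natwest", "lloyds", "standardchartered", "domaintools"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent-letter swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposition of two neighbours
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (brand, technique, added_text) for a lookalike, else None.

    Assumes `domain` is a registered domain without subdomains; only the
    left-most label is compared, so the TLD is ignored.
    """
    label = domain.lower().rstrip(".").split(".")[0]
    for brand in BRANDS:  # one typo away: altered, added, dropped or swapped letter
        if osa_distance(label, brand) == 1:
            return (brand, "single-edit", None)
    compact = label.replace("-", "")
    for brand in BRANDS:  # brand with extra letters or a word on either side
        if compact != brand and compact.startswith(brand):
            return (brand, "affix", compact[len(brand):])
        if compact != brand and compact.endswith(brand):
            return (brand, "affix", compact[:-len(brand)])
    return None


if __name__ == "__main__":
    # Domains quoted in the article plus two constructed benign controls.
    samples = ["barclaya.net", "lloydstsbs.com", "hsbc-direct.com",
               "Domaintoools.com", "barclays.co.uk", "example.org"]
    for d in samples:
        print(d, "->", classify(d))
```

A hit is a lead for review rather than a verdict: short brand labels such as `hsbc` will also match unrelated names, so results should be checked against an allow-list of the organisation's own domains.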