Cyber squatters target UK bank domains

Part of the art of making a phishing attack successful is having a domain name that looks sufficiently similar to a legitimate one not to arouse suspicion in the target.

Research by threat intelligence specialist DomainTools has uncovered over 300 registered domains using the names of five of the UK's top high street banks.

Using its PhishEye tool, the company analyzed domains mimicking Barclays, HSBC, Natwest, Lloyd's and Standard Chartered. Addresses including hsbc-direct.com, barclaya.net, barclays-supports.com and lloydstsbs.com were all uncovered as being owned by third parties rather than the banks themselves.

"Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains," says Kyle Wilhoit, senior security researcher at DomainTools. "While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cyber criminals using the spoofed domain names for more malicious endeavours."

The company offers advice for consumers to help ensure they don't fall foul of fake domains. These include looking out for extra letters or hyphens, plural or singular forms of the domain, and the use of letter combinations such as "rn" instead of "m" to make names look similar.

Wilhoit also believes companies themselves should be doing more. "Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else and at an average of £12 per year per domain, this is a relatively cheap insurance policy."

You can read more about the research, and see a full list of the spoof domains identified, on the DomainTools blog.

Photo credit: Frank11 / Shutterstock