
Barclays, HSBC, Natwest and other big name banks fall victim to cybersquatting

Further proof that cyber-attacks affect everyone - even big business.

By Tom Ball

It has been discovered that 324 fake websites have been masquerading as top UK banks including Barclays, HSBC, Natwest, Lloyds and Standard Chartered. These domain replications are often set up by hackers to trick unsuspecting users into giving away usernames, passwords and other sensitive information.

These fake websites contain subtle differences in the addresses, such as a single altered letter. Real examples of these include barclaya.net, lloydstsbs.com, and hsbc-direct.com. This highlights the constantly increasing importance of being alert and having basic cyber awareness.

Behind this discovery is DomainTools, a provider of DNS research tools, which broke the findings down by the number of fake websites per bank. HSBC was impersonated in 110 instances, Barclays and Standard Chartered in 74 each, Natwest in 66, and Lloyds in 22.

This form of malicious cyber activity has been given the name ‘cybersquatting’, and it can be simply defined as the registering of a domain name with the intention of exploiting a trademark for monetary gain.


Connected to this criminal scheme are other forms of current, prominent cyber-attacks such as phishing email campaigns, which attempt to lure users toward the fake site. Scams involving pay-per-click ads have also been implemented in some instances.

Kyle Wilhoit, senior security researcher at DomainTools, said: “Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains. While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.”


The simplicity of the alterations made in fake domains highlights the huge importance of being alert and having basic cyber awareness to prevent a security breach.

“Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as ‘login’ to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”
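The alterations described above (one changed or added letter, or extra text placed around the brand name) can be checked mechanically when reviewing newly registered or clicked domains. The Python sketch below is an added example, not code from DomainTools or the article; the brand watchlist, the allowlist of official domains and the function names are assumptions, and each input is assumed to be a registered domain whose first label is the name.

```python
# Assumed watchlist of brand labels (banks named in the article, plus the quoted example).
BRANDS = ["barclays", "hsbc", "natwest", "lloyds", "standardchartered", "domaintools"]
# Assumed allowlist of official domains; replace with your own inventory.
ALLOWLIST = {"barclays.co.uk", "hsbc.co.uk", "natwest.com",
             "lloydsbank.com", "sc.com", "domaintools.com"}

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brands=BRANDS, allowlist=ALLOWLIST):
    """Return (brand, reason) for a lookalike domain, or None if nothing matches."""
    domain = domain.lower().rstrip(".").removeprefix("www.")
    if domain in allowlist:
        return None
    label = domain.split(".")[0]
    # Pattern 1: a single altered or added letter (barclaya, domaintoools).
    # Hyphen-separated tokens are checked so "barclaya-login" is also caught.
    for brand in brands:
        if any(edit_distance(tok, brand) == 1 for tok in label.split("-")):
            return (brand, "single-character edit")
    # Pattern 2: letters or a whole word added around the brand (hsbc-direct).
    # The exact brand on another TLD is not covered by this sketch.
    for brand in brands:
        if brand in label and label != brand:
            return (brand, "brand with added text")
    return None

def scan(domains):
    """Map each flagged domain to its (brand, reason) verdict."""
    return {d: v for d in domains if (v := classify(d)) is not None}

if __name__ == "__main__":
    # Constructed input: the article's examples mixed with allowlisted and unrelated names.
    sample = ["barclaya.net", "lloydstsbs.com", "hsbc-direct.com",
              "Domaintoools.com", "www.barclays.co.uk", "lloydsbank.com", "example.org"]
    for name, (brand, reason) in scan(sample).items():
        print(f"{name}: imitates {brand} ({reason})")
```

Short brand labels such as hsbc produce more false positives at edit distance 1, so hits are candidates for review rather than verdicts.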
