324 typo-squat domains found impersonating Natwest, HSBC and co

Only the sausage-fingered among us need fear

20 Reg comments Got Tips?

Hackers are abusing the trademarked names of five of the UK's top high street banks.

Security researchers at DomainTools have identified 324 "high risk" domains mimicking Barclays, HSBC, Natwest, Lloyds and Standard Chartered.

Crooks often use domains masquerading as legitimate brands to run phishing scams that trick customers into handing over login credentials. These details are subsequently used to siphon off money from compromised accounts. Dodgy sites might also be abused to spread ransomware or other malware, typically by exploiting unlatched browser or Flash Player flaws.

DomainTools used its PhishEye tool to search for existing and new domains that spoof legitimate brands.

UK banks' online dopplegangers [source: DomainTools]

Kyle Wilhoit, senior security researcher at DomainTools, said "domain squatters" follow a pattern in the sites they register.

"Many will simply add a letter to a brand name, such as Domaintoools.com, while others will add additional letters on either side of a brand name," Wilhoit said. "Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site." ®


Biting the hand that feeds IT © 1998–2020