Researchers expose 320+ fake bank and wealth websites
A cyber threat intelligence firm has found 324 registered scam domains using the trademarked names of five of the UK’s top high street banks and wealth managers.
The firm, DomainTools, says there are hundreds of fake domains ‘masquerading’ as legitimate UK bank websites and these are often used by hackers to trick customers into handing over personal details or login information.
Cybersquatting (also known as domain squatting) is the act of registering a domain name with the purpose of securing financial benefit from a trademark that belongs to someone else, says the firm. Many rely on internet users misspelling an internet address when they enter the URL into their browser or failing to spot an email using a fake domain link.
These domains are often used in phishing email campaigns, says DomainTools, and in various other kinds of scams, including ‘ransomware’ using planted viruses. The company’s research team analysed domains mimicking Barclays, HSBC, NatWest, Lloyds and Standard Chartered using its PhishEye tool. In total, there were 324 domains identified as high risk that contained the banks’ brand names.
Examples include:
• natwesti[.]com
• natwestbusinessbanking[.]co.uk
• lloydstbs[.]com
• hsbcgrp[.]com
• barclaysbank-plc[.]co.uk
• wealthbarclays[.]co.uk
• standardchartered-bank[.]com
Kyle Wilhoit, senior security researcher at DomainTools said, “While domain squatters of the past were mostly trying to profit from the domain itself, these days they’re often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.”
He explained how there are patterns to be found in these types of domains – “Many will simply add a letter to a brand name while others will add letters or an entire word such as ‘login’ to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site.”
DomainTools says internet users should watch for these warning signs:
• Check for extra added letters in the domain, such as Yahooo[.]com
• Check for dashes in the domain name, such as Domain-tools[.]com
• Look out for ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com
• Check for reversed letters, such as Domiantools[.]com
• Check for a plural or singular form of the domain, such as Domaintool[.]com
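The warning signs listed above can also be checked mechanically when triaging newly seen domains against a brand name. The following Python function is an added example, not DomainTools’ PhishEye logic or code from the article; the function and sign names are assumptions, and it compares only the leftmost label of each domain, so subdomains are not handled.

```python
def label(domain):
    """Leftmost label of a (possibly defanged) domain, lower-cased."""
    return domain.lower().replace("[.]", ".").split(".")[0]

def warning_signs(candidate, brand):
    """Sorted list of the article's warning signs that candidate shows against brand."""
    c, b = label(candidate), label(brand)
    signs = set()
    flat = c.replace("-", "")
    if "-" in c and b in flat:
        signs.add("dash")                      # Domain-tools, barclaysbank-plc
    c = flat                                   # remaining checks ignore dashes
    if c == b:
        return sorted(signs)
    if b in c and len(c) - len(b) >= 2:
        signs.add("added_word")                # letters or a word either side of the brand
    if c + "s" == b or b + "s" == c:
        signs.add("plural_or_singular")        # Domaintool vs Domaintools
    elif len(c) == len(b) + 1 and any(c[:i] + c[i + 1:] == b for i in range(len(c))):
        signs.add("extra_letter")              # Yahooo vs Yahoo
    if c.replace("rn", "m") == b.replace("rn", "m"):
        signs.add("rn_for_m")                  # modern vs modem
    if len(c) == len(b):
        diff = [i for i in range(len(b)) if c[i] != b[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and c[diff[0]] == b[diff[1]] and c[diff[1]] == b[diff[0]]):
            signs.add("reversed_letters")      # Domiantools vs Domaintools
    return sorted(signs)

if __name__ == "__main__":
    # Candidate/brand pairs taken from the examples in the article.
    pairs = [
        ("Yahooo[.]com", "yahoo.com"),
        ("Domain-tools[.]com", "domaintools.com"),
        ("modern.com", "modem.com"),
        ("Domiantools[.]com", "domaintools.com"),
        ("Domaintool[.]com", "domaintools.com"),
        ("natwesti[.]com", "natwest"),
        ("standardchartered-bank[.]com", "standardchartered"),
    ]
    for cand, brand in pairs:
        print(f"{cand:32} {warning_signs(cand, brand)}")
```

An empty list means none of these specific patterns matched; it does not mean the domain is legitimate.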
The brand domains were monitored from 27 to 31 March 2017.