Every year, thousands of malicious websites masquerading as the UK's leading retail banks emerge. In 2023 alone, over 2,000 such imitations were identified, with Barclays and Santander being the most commonly replicated brands. And now there are calls for the Government to step in...
These findings come from consumer watchdog Which?, who are advocates for new legal obligations on domain registrars to intensify efforts against these persistently harmful scams.
Working in collaboration with the DNS Research Federation (DNSRF), a non-profit organisation based in Oxford specialising in domain name and internet governance research, Which? analysed phishing blocklists to uncover websites reported in 2023 that fraudulently employed various bank names in their URLs.
Their findings revealed a plethora of these deceptive sites affecting well-known high street banks and building societies such as Barclays, HSBC, Halifax, Lloyds, Nationwide, NatWest, and Santander, alongside newer online entities like Monzo and Starling.
Most of these sites appeared to be phishing platforms designed to trick users into disclosing their online banking credentials.
Moreover, the DNSRF scrutinised Scamadviser.com's blocklist, extracting data on URLs featuring specific bank names with a "trustscore" below 50 out of 100, indicating potential threats. This assessment, based on 40 different criteria including website ownership and hosting details, unearthed over 2,000 URLs posing potential risks.
Notably, Barclays and Santander were the most frequently encountered names across both lists.
Particularly, Santander has been a prime target for impersonation, exemplified by an incident in May 2023 when their head of fraud was impersonated in a £60,000 theft from a customer.
However, the data compiled by Which? and the DNSRF is not exhaustive, as it doesn't encompass every fraudulent banking website, and the authenticity of all identified sites couldn't be verified due to many being already taken down.
Nevertheless, Rocio Concha, Director of Policy and Advocacy at Which?, emphasised that the reported 2,000 sites are likely just a fraction of the actual number, with many evading detection or being active for brief periods before removal.
Concha underscored the concerning burden placed on consumers to identify and report scam sites, urging domain registrars to assume greater responsibility in combating online fraud.
With an election looming, she called for the next government to prioritise anti-fraud measures, including imposing new legal obligations on companies to thwart scammers setting up counterfeit websites.
Despite the ongoing battle against scammers, Which? found some encouraging signs of increased awareness among the public regarding scam websites. However, they cautioned that the rise of AI-driven text generators among cybercriminals might render identifying fake websites more challenging in the future.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).