top of page

Calls for Government action on malicious banking domains

Every year, thousands of malicious websites masquerading as the UK's leading retail banks emerge. In 2023 alone, over 2,000 such imitations were identified, with Barclays and Santander being the most commonly replicated brands. And now there are calls for the Government to step in...

These findings come from consumer watchdog Which?, who are advocates for new legal obligations on domain registrars to intensify efforts against these persistently harmful scams.

Working in collaboration with the DNS Research Federation (DNSRF), a non-profit organisation based in Oxford specialising in domain name and internet governance research, Which? analysed phishing blocklists to uncover websites reported in 2023 that fraudulently employed various bank names in their URLs.

Their findings revealed a plethora of these deceptive sites affecting well-known high street banks and building societies such as Barclays, HSBC, Halifax, Lloyds, Nationwide, NatWest, and Santander, alongside newer online entities like Monzo and Starling.

Most of these sites appeared to be phishing platforms designed to trick users into disclosing their online banking credentials.

Moreover, the DNSRF scrutinised's blocklist, extracting data on URLs featuring specific bank names with a "trustscore" below 50 out of 100, indicating potential threats. This assessment, based on 40 different criteria including website ownership and hosting details, unearthed over 2,000 URLs posing potential risks.

Notably, Barclays and Santander were the most frequently encountered names across both lists.

Particularly, Santander has been a prime target for impersonation, exemplified by an incident in May 2023 when their head of fraud was impersonated in a £60,000 theft from a customer.

However, the data compiled by Which? and the DNSRF is not exhaustive, as it doesn't encompass every fraudulent banking website, and the authenticity of all identified sites couldn't be verified due to many being already taken down.

Nevertheless, Rocio Concha, Director of Policy and Advocacy at Which?, emphasised that the reported 2,000 sites are likely just a fraction of the actual number, with many evading detection or being active for brief periods before removal.

Concha underscored the concerning burden placed on consumers to identify and report scam sites, urging domain registrars to assume greater responsibility in combating online fraud.

With an election looming, she called for the next government to prioritise anti-fraud measures, including imposing new legal obligations on companies to thwart scammers setting up counterfeit websites.

Despite the ongoing battle against scammers, Which? found some encouraging signs of increased awareness among the public regarding scam websites. However, they cautioned that the rise of AI-driven text generators among cybercriminals might render identifying fake websites more challenging in the future.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page