Sun, Dec 22 2024
Consumer advocacy group Which?, which found that over 2,000 of these alleged sites were reported in 2023, is advocating for new regulations to compel domain registrars to take additional steps to stop scam banking "copycat" websites from ever developing.
Copycat banking websites have been posing as legitimate banks for a long time in an attempt to deceive unwary customers into sending their money to fraudulent operators. In response, Which? has teamed up with the DNS Research Federation (DNSRF), a non-profit organization based in Oxford that conducts data-driven policy research on internet governance and domain names, to determine the extent of the problem.
Upon requesting DNSRF to examine industry blocklists containing websites allegedly hosting illicit content, Which? discovered that more than 2,000 URLs featured UK bank trademarks. Barclays, HSBC, Halifax, Lloyds, Monzo, Nationwide, NatWest, Santander, and Starling were among the banks impacted.
The majority of websites seemed to be blatant attempts to mislead bank clients. The terms Santander and Barclays were the most frequently occurring across the two blocklists. Which? has alerted people to phishing scams that use Santander branding in recent years, as the company is frequently impersonated by con artists.
"It's quite disturbing that thousands of banking imitation websites were detected in a single year – possibly leaving millions of customers vulnerable to bogus content online,” said Which?'s head of policy and advocacy, Rocio Concha.
"Reporting scam sites and pursuing domain registrars to remove them shouldn't be the burden of consumers who are merely attempting to bank online.
"A far more significant part of the battle against internet fraud belongs to domain registrars. The next government must prioritize combating fraud nationally in light of the impending election and impose additional legal obligations on these businesses to deter con artists from creating these phony copycat websites.
Are there more imitations out there than these?
Which? has issued a warning, stating that the data is imprecise and that it was unable to verify whether any of the websites were actually fake or meant to mimic the banks in question since web hosting firms or scammers had already pulled down the sites.
But it's also likely that a large number of imitation websites were unnoticed as blocklists didn't include them. Only a few days or even hours pass on certain websites before scammers remove all of the content and take their bait.
In January 2024, the consumer advocate also polled over 1,200 members to find out how much they knew about imitative banking websites. Two percent of respondents said they had unintentionally entered their personal information onto one of these websites, while three percent were unsure.
The majority of participants in our survey were able to recognize that unusual or informal-looking website addresses, along with poorly written sentences, were indicative of a fraudulent website. However, when scammers start using AI to correct grammar and cut down on mistakes, these indicators can start to disappear more and more.
Taking action against clones
Just 27% of respondents were aware that they could find out when a website was registered by using a domain lookup service like who.is. By doing this, customers may be able to identify a newly launched website posing as an established bank.
According to Which?'s research, domain registrars are far more important in the battle against online fraud. Fraudsters need to utilize a domain registrar to set up a copycat website, and customers and businesses need to get in touch with a web hosting company to take one down. Though many businesses function as both, the sector nevertheless exercises self-regulation.
Which? discovered that different organizations take quite different approaches when receiving warnings about fraudulent sites. While some swiftly take down imitation websites, others don't even reply to complaints. Currently, the UK government is consulting on expanding its authority to confiscate domains that are being used illegally.
Which? is urging the next government to impose an obligation on domain registrars to stop scammers from creating these phony websites, as they have a limited amount of time to implement laws before the next election.
Leave a Comment