The number of fake bank websites that target the 26 million British citizens who bank online is rising three percent a month as criminals tighten their focus on the UK and improve their scams, according to research by Bitdefender.
The UK banks most commonly used to create fake web pages are HSBC, Royal Bank of Scotland, NatWest, Barclays, Reliance Bank, ING Direct, Lloyds Banking Group, and Standard Chartered. As cybercriminals shift their focus to employees of financial organisations, they also invent new institutions in almost the same proportion as they use existing ones. Fake banks pose a serious threat to users, being used in more complicated schemes, and targeting specific industries, companies, or individuals. In 2011, £28.1 million* was lost to online banking fraud.
“Unlike phishing, these scams do not usually spread through massive spam campaigns because scammers want to make the websites stay up online as long as possible,” said Catalin Cosoi, Chief Security Researcher at Bitdefender. “If they get reported too fast to their hosts or international institutions, they can easily end up offline. Surprisingly some can even be created to only lure one person, so money is made out of small, gradual, and well-targeted attacks.”
While banking phishing requires a similar design to the genuine website, fake banks focus on copying logos and banners, giving a twist to authentic website names. For instance, the Royal Bank of Scotland web page www.rbs.co.uk may easily become www.r-b-s-online.co.uk and may be completely different from the genuine financial institution.
Here are a few tips to bank online in the UK and stay away from fake bank scams:
• Always stay on guard when you make an online payment, and do not use your credentials unless you are 100 percent sure it is a genuine financial website.
• Check the list of unauthorised banks in UK if you are dealing with a new financial institution you have not heard of before.
• Double check a banker’s or seller’s identity when he calls or sends a targeted e-mail promoting a bank. Scammers may use fake websites created especially for you.
• Before making any payment online, check WHOIS information about the domain registration, hosting, and online activity. More than 90% of these fake websites are registered only for one year and for security reasons they use registrant emails that offer anonymity such as firstname.lastname@example.org, email@example.com, but also free e-mail addresses from providers such as Yahoo, Hotmail, and Gmail, which a serious bank wouldn’t do.
• Keep fraudsters away by securing your device with updated antivirus software that will guarantee antispam, antiphishing, and antimalware protection with minimum resource consumption, and unobtrusive running.
• If you see unusual financial activity on your behalf, notify the bank and block the account.
The recently launched Bitdefender Total Security 2013 comes packed with Safepay, a secured browser that protects credit card information, account numbers, and any other sensitive data entered while accessing online payments.