Online Banking Scams in the UK Increasing in Frequency, Professionalism

The number of fake bank websites targeting the 26 million Brits who bank online is rising 3 percent a month as criminals targeting UK citizens tighten their focus and improve their scams, according to a 60-day research by Bitdefender.

The UK brands most-used to create fake web pages are HSBC, Royal Bank of Scotland, Natwest, Barclays, Reliance Bank, ING Bank, Lloyds Banking Group, and Standard Chartered. As cybercriminals shift focus to financial employees, they also create fictitious institutions in almost the same proportion as they use existing ones.

Fake banks pose a serious threat to particular users, being used in more complicated schemes, and targeting specific industries, companies, or individuals. Unlike phishing, they don’t usually spread through massive spam campaigns because scammers want to make the websites stay up online as much as possible. If they get reported too fast to their hosters or international institutions, they can easily end up offline. Surprisingly, some can even be created to only lure one person, so money is made out of small, gradual, and well-targeted attacks.

While banking phishing requires similar design to the genuine websites, fake banks focus on copying logos and banners, giving a twist to authentic websites names. For instance, Royal Bank of Scotland web page www.rbs.co.uk may easily become www.r-b-s-online.co.uk or royallbscot.com, and be completely different from the genuine financial institution.

Here are a few tips and tricks to bank online in the UK and stay away from fake bank scams:

• Always stay on guard when you make an online payment, and don’t use your credentials unless you are 100 per cent sure it’s a genuine financial website.
• Check the list of unauthorized banks in UK if you’re dealing with a new financial insititution you haven’t heard of before.
• Double check a banker’s or seller’s identity when he calls or sends you a targeted e-mail promoting a bank. Scammers may use a fake website created especially for you.
• Before making any payment online, check WHOIS information about the domain registration, hosting, and online activity. More than 90% of these fake websites are registered only for one year. For security reasons they use registrant emails that offer anonimity such as [email protected], [email protected], but also free e-mail addresses from providers such as Yahoo, Hotmail, and Gmail, which a serious bank wouldn’t do.
• Keep fraudsters away by securing your device with updated antivirus software that will guarantee antispam, antiphishing, and antimalware protection with minimum resource consumption, and unobtrusive running.
• If you see unusual financial activity on your behalf, notify the bank and block the account.

The recently launched Bitdefender Total Security 2013 comes packed with Safepay, a secured browser that protects credit card information, account numbers, and any other sensitive data entered while accessing online payments. The Bitdefender fake banking research started on 24^th July, and ended on 21^st September.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Alin Damian, Bitdefender Online Threats Analyst, and Razvan Visan, Bitdefender Head of Online Threats Lab.