Despite their best efforts to get on top of the problem, some of the UK’s biggest banks continue to find their brands being abused and spoofed by cyber criminal fraudsters and scammers.
BrandShield found more than 1,590 illegitimate web domains relating to some of the UK’s largest providers of consumer banking services – Barclays, HSBC and Lloyds.
Likely due to its size and market visibility, HSBC was by some margin the most targeted bank, with 811 malicious domain registrations observed during the period. Significantly, the number of rogue websites that spoofed HSBC branding more than trebled between April and May 2023, when 147 malicious domains were observed. HSBC also saw significant spikes in malicious domain registrations in November 2022, with 93, June 2023, with 95, and July 2023, with 83.
Some of these websites will have been near-perfect replicas of the targeted banks’ websites. Others may appear at first glance to be a site linked to some kind of special offer from the bank that does not exist.