Fake bank website URLs

Watch out for...

Fake bank website URLs

What’s the threat?

Protect Your Tech - watch outHackers have set up fake URLs for UK banks, using website names that sound genuine in order to trick people into handing over their personal information and log-in details.

Security researchers at DomainTools (www.domaintools.com) found 346 fake sites, comprising 110 for HSBC, 74 each for Barclays and Standard Chartered, 66 for Natwest and 22 for Lloyds. Bogus URLs run by scammers include www.hsbc-direct.com, www.natwesti.com, www.barclaya.net, www.barclays-supports.com and www.lloydstsbs.com.

Many fake URLs have an extra letter or character that may go unnoticed at a glance, such as the ‘s’ after ‘Lloydstsb’, or the dash between ‘hsbc’ and ‘direct’. Sometimes scammers even use ‘rn’ instead of ‘m’.

Kyle Wilhoit, one of the company’s researchers, called on companies to buy fake URLs so that they can’t be used by scammers. He said that at around £12 a year, it is “a relatively cheap insurance policy”. He added that the rise in scams is a sign that so-called cyber-squatters are becoming more dangerous. In the past they would buy a URL similar to a company’s or celebrity’s official site, hoping to make money by pretending to be affiliated with them, or by forcing them to buy it (Microsoft vs MikeRoweSoft is one of the best known examples: www.snipca.com/24267).

But now, Wilhoit warns, they are more sophisticated, using “spoofed domain names for more malicious endeavours”. 

What should you do?

The surest way to protect yourself is to bookmark your bank’s website, double-checking you have the URL correct. That way you’ll never need to type the URL to visit the site. If you are clicking a link, hover your cursor over it, then check the authenticity of the URL that appears at the bottom left of your screen (see screenshot).

New tools

Protect Your Tech - new toolsOnly gluttons for punishment enjoyed wading through Microsoft’s old index of security updates, which arrive on the second Tuesday of every month (known as Patch Tuesday). In early April Microsoft replaced this clunky system with a new website that lets you search for much more precise information about what’s in each update. It should make it easier to understand the security fixes Microsoft makes to your PC.

Visit the site below and you’ll see all the fixes in the updates released on 11 April and 9 May. You can sort this list by clicking a product under the Product heading (such as Microsoft Edge, Internet Explorer 11 or Adobe Flash Player). To see the severity rating of the fixes – Critical, Important or Moderate – tick that box at the top of the table. For details about the fix, click the number in the More Info column (see screenshot).

One of the most useful options is right at the bottom. Click the dropdown menu next to ‘Show’ to see up to 100 fixes on one page – instead of the default 20.

Microsoft’s Security Update Guide www.snipca.com/24273

Scam Watch!ScamWatch

Readers warn readers

‘Wanted’ for tax evasion

My wife played back a recorded phone message purporting to be from HMRC. It instructed us to call back regarding a legal issue. I phoned the number and spoke to a man with an American accent who confirmed my name and address. He said he had a warrant for my arrest for tax evasion. I’d apparently withheld £5,000 on my tax returns! I knew it was a scam because I’ve always paid tax through PAYE. I later checked the number online (020 3129 5663) and found scam warnings, then reported it to the police via Action Fraud (0300 123 2040). 
Steve Rothon

For more ways to protect your tech, try Computeractive magazine.
Subscribe today and get 3 issues for £1, plus a FREE welcome gift.