Lloyds, Barclays and Santander customers targeted with thousands of fake websites
GETTY
Fraudsters are plotting to steal customers hard - earned cash by setting up fake websites
More than 2,000 suspected copycat websites have been found imitating real banks such as Barclays and Santander, new research has found.
Customers of popular banks are being warned to remain vigilant when carrying out banking services online.
The affected banks include Barclays, HSBC, Halifax, Lloyds, Monzo, Nationwide, NatWest, Santander and Starling.
Which? teamed up with DNSRF and found that more than 2,000 URLs containing specified UK bank brands were reported to a phishing blocklist in 2023.
Customers of Santander and Barclays appear to be the most common targets for fraudsters setting up fake bank websites as these words appeared most often in blocklists, the research found.
The majority of the sites look like blatant attempts to lead bank customers astray, the report stated.
Santander and Barclays customers most targeted by scammers with thousands of fake websites
GETTY
Rocio Concha, Which? director of policy and advocacy, said: “It’s hugely concerning that thousands of banking copycat websites were reported in a single year — potentially leaving millions of consumers exposed to fraudulent content online.
“Consumers who are just trying to bank online should not have to shoulder the responsibility of reporting scam sites and chasing domain registrars to take them down.”
The consumer group also asked more than 1,200 Which? members how much they knew about copycat banking sites.
The vast majority of respondents were alerted to the scams because of poor spelling and grammar or the strange or unofficial-looking website addresses.
It called for domain registrars and web-hosting companies to do more to prevent these scams appearing in the first place.
Some registrars were quick to remove copycat websites, however others did nothing.
Ms Concha continued: “Domain registrars have a much bigger role to play in the fight against online fraud.
“To set up a copycat website, fraudsters need to use a domain registrar and to take one down, consumers and businesses need to contact a web-hosting company.
“Many companies operate as both and yet the industry continues to self-regulate.”
The government is consulting on new powers to seize domains being used for criminal purposes.
Liz Ziegler, fraud prevention director at Lloyds Bank, said: “We recognise the threat posed by fraudsters attempting to impersonate our brands.
“This problem isn’t unique to us, unfortunately all major companies are targeted by organised crime groups."
A Santander spokesperson said: “We have a range of measures to keep customers safe, including sophisticated tools to detect and take down fake Santander websites.
“We know that in many cases these scams start with an SMS phishing text providing a fake link for customers to follow.
More than 2,000 suspected copycat websites have been found imitating real banks such as Barclays and Santander
GETTY
“We’re working with telecoms companies to prevent these at source and would urge customers to never click on links in a text or email purporting to be from their bank or another trusted organisation.”
A Barclays spokesperson said: “The protection of our customers’ funds and data is our highest priority. We use a number of controls to detect and request that malicious websites are taken down via the domain registrar. We also invite customers to share details of any suspicious sites or pages via the reporting routes detailed on our website.”
A HSBC spokesperson said: “Protecting customers and their money online is an absolute priority for us, so we continually monitor for malicious domain registrations and hosting activity, taking any appropriate enforcement action in a timely manner.
“We would encourage all customers to visit our Fraud and Security Centre on a regular basis, to keep up to date on the latest scams, warnings and advice!”