back to article 324 typo-squat domains found impersonating Natwest, HSBC and co

Hackers are abusing the trademarked names of five of the UK's top high street banks. Security researchers at DomainTools have identified 324 "high risk" domains mimicking Barclays, HSBC, Natwest, Lloyds and Standard Chartered. Crooks often use domains masquerading as legitimate brands to run phishing scams that trick …

  1. Little Mouse

    On a similar theme, I've seen some fairly imaginative bastardisations of the name "KFC" adorning the shop fronts of some high street takeaways.

    1. MyffyW Silver badge
      Paris Hilton

      There used to be a shop on our high street called FCUK which (would you believe it) didn't even sell fried chicken! Imagine my disappointment.

      Wasn't surprised when it closed

    2. Anonymous Coward
      Happy

      You leave Karachi Fried Chicken out of this1

    3. Roj Blake Silver badge

      "Ken's Tucker Fried Chicken"

  2. Anonymous Coward
    Headmaster

    Organisation - Barclay's

    Do those domains belong to Barclay?

    1. Ken Hagan Gold badge

      Re: Organisation - Barclay's

      The bank is named after James Barclay, so your snark is mis-placed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Organisation - Barclay's

        The bank is called Barclays not Barclay

        Snark reinstated.

  3. Anonymous Coward
    Anonymous Coward

    I use URLCrazy for this

    It's an old tool, but still part of Kali Linux. Works well at generating potentially 'similar' domain names that could be use for phishing/squatting.

    https://github.com/hardwaterhacker/URLCrazy

    1. a_yank_lurker Silver badge

      Re: I use URLCrazy for this

      Thanks for the tip! It is in the Arch AUR.

  4. Mystereed

    Enquiring minds have to know...

    ..if the "unlatched browser" entry is a deliberate typo on a story about typos?

  5. Anonymous Coward
    Anonymous Coward

    Noninet are shite too

    Try reporting active phishing attacks using bank typo domains to Nominet and you get a big fat fcuk off. I've tried it several times. Shame, there was a time when they were responsive, now they're just after your cash for their performance related pay bonuses.

    Nominot, nomidont, nomincant, nominwont and nominet-cantbearsed are more suitable names these days.

    1. Ken Hagan Gold badge

      Re: Noninet are shite too

      You'd probably be better off telling the bank. They probably don't have any clout with Nominet either, but they have deep pockets and legal attack dogs to send after whoever registered the names. (Because let's face it, there just isn't any legitimate reason to register any of those names, unless you are the bank in question.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Noninet are shite too

        Au contraire - there is no reason why these domain names should not be registered. It's a free country, it's not doing anyone any harm, and there are plenty of legitimate reasons.

        Yours

        Mr Natwesti

    2. Ken Moorhouse Silver badge

      Re: Noninet are shite too

      Er... is that the email address you sent your complaint to?

  6. Walter Bishop Silver badge
    Linux

    Inspect every domain that are clicked on

    Wouldn't it be simplar to use the punycode hack to spoof domain names.

    "Users should remember to carefully inspect every domain they are clicking on or entering in their browser"

    Or else use a distro that can't be hijacked by clicking on a weblink ..

    1. Anonymous Coward
      WTF?

      Re: Inspect every domain that are clicked on

      Explain how a distro stops you clicking on a dodgy URL and entering your valid details?

      Ah forgot, Linux is perfect and even comes with free Unicorns and fairy dust and can never be compromised, except when it is, and then it's the users fault, except when it's say a TCP injection attack and then it's errr fact there was a Tuesday in the month.

      1. Walter Bishop Silver badge
        Linux

        Re: Inspect every domain that are clicked on

        Clicking on a dodgy URL won't lead to a remote executable running on your computer and permanently installing itself as a root process.

  7. Anonymous Coward
    Anonymous Coward

    barclaysbank-plc[.]co.uk

    Are names like this valid or do the square brackets in the table symbolise something else? I thought we were limited to alphanumerics plus hyphen (and dot between parts).

  8. Anonymous Coward
    Anonymous Coward

    lloydsbankdocuments.com phishing now.

    See ^

  9. Anonymous Coward
    Anonymous Coward

    Couple of tools....

    First for those that run their sites:

    http://registrars.nominet.uk/namespace/uk/security-tools-and-protection/phishing-feed

    Toolbar plugin.

    https://www.netcraft.com/anti-phishing/phishing-site-feed/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019