Tougher action needed to combat copycat banking websites, says Which?
Which? wants to see whichever party wins the next election place a duty on domain registrars to prevent scammers setting up fraudulent websites.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Tougher action is needed to stop copycat websites posing as banks, Which? has urged.
The consumer champion asked the DNS Research Federation (DNSRF) to check industry blocklists – lists of websites that have been reported as hosting illegal content.
It provided DNSRF with a list of major UK banking brands and it scoured a specialist phishing blocklist for sites reported in 2023 that had the names of those banks somewhere in their web address.
The DNSRF found that more than 2,000 URLs containing the specified UK bank brands were reported to a phishing blocklist in 2023.
Copycat banking websites masquerade as real banks to try and trick people into handing over their personal details and cash.
Which? said it is not possible to check if websites that have already been removed were genuinely fraudulent or impersonating banks, with some potentially only being active for days or even hours before their content is wiped.
With limited time to introduce legislation before the next general election, Which? will be calling for whichever party wins to place a duty on domain registrars to prevent scammers from setting up fraudulent websites.
Rocio Concha, Which? director of policy and advocacy, said: “With an election just around the corner, the next government must make fighting fraud a national priority, and place new legal duties on these companies to prevent scammers from setting up these fraudulent copycat websites.”
Which? approached major banks for comments.
An HSBC UK spokesperson said: “Protecting customers and their money online is an absolute priority for us, so we continually monitor for malicious domain registrations and hosting activity, taking any appropriate enforcement action in a timely manner.”
Liz Ziegler, fraud prevention director at Lloyds Bank, said: “Protecting our customers from fraud is our priority and we use the latest technology to actively search for fake websites, as well as responding to intelligence received from third parties.
“We take the appropriate steps to have fake websites removed, where necessary working with partners across law enforcement, the finance industry and tech sector.”
NatWest Group told Which? that it employs a specialist takedown provider to guard against copycat websites, as well as working directly with internet service providers.
Santander said: “We have a range of measures to keep customers safe, including sophisticated tools to detect and take down fake Santander websites.”
A government spokesperson said: “Tackling fraud is a priority. Since we published our Fraud Strategy in May, we have launched a national fraud squad, hosted a global summit to tackle the threat, worked with 12 of the biggest tech companies on a new charter and launched the Stop! Think Fraud public awareness campaign.
“The NCSC’s Suspicious Email Reporting Service has also removed more than 168,000 scams from the internet, helping the fightback against fraud.”