Beware of the fake Bank Website URLs
Hackers have set up fake URLs for UK banks, using website names that sound genuine in order to trick people into handing over their personal information and login details. Security researchers at Domaintools ( www.domaintools.com) found 346 fake sites, comprising 110 for HSBC, 74 each for Barclays and Standard Chartered, 66 for Natwest and 22 for Lloyds. False URLs run by scammers include www.hsbc-direct.com, www.natwesti.com, www.barclaya.net, www.barclays-supports.com and www.11oydstsbs.com.
Many bogus URLs have an extra letter or character that may go unnoticed at a glance, such as the 's' after ‘lloydstsb', or the dash between ‘hsbc' and 'direct'. Sometimes scammers even use 'rn' instead of 'm'. Kyle Wilhoit, one of the company's researchers, called on companies to buy fake URLS so that they can't be used by scammers. He said that at around £12 a year, it is "a relatively cheap insurance policy". He added that the rise in scams is a sign that so-called cybersquatters are becoming more dangerous. In the past they would buy a URL similar to a company's or celebrity's official site, hoping to make money by pretending to be affiliated with them, or by forcing them to buy it (Microsoft vs Mikerowesoft is one of the best-known examples: www.snipca.com/24267). But now, Wilhoit warns, they are more sophisticated, using "spoofed domain names for more malicious activities".
Check for Subtle Tricks
When you're looking at the URL, look carefully for any subtle misspellings in the domain name. Scammers will use slightly misspelt variations of well-known sites to trick you into simply skimming the URL and clicking. A fraudulent email might link to "http://www.mybonk.com" instead of "http://www.mybank.com," for example.
Other scams use a URL with a domain name that begins the same as the domain name you expect but has extra characters where the ordinary domain ends. For instance, a scammer might link to http://www.mybank.com.scamsite.com, instead of simply to http://www.mybank.com. Always make sure to check the entire domain name, not just the beginning.
What should you do?
The surest way to protect yourself is to bookmark your bank's website, double checking you have the URL correct. That way you'll never need to type the URL to visit the site. If you are clicking a link, hover your cursor over it, then check the authenticity of the URL that appears at the bottom left of your screen.