How to spot a copycat banking website as scammers target customers

Copycat websites masquerading as official bank sites are being used to trick consumers into handing over their personal details and cash.

The Which? consumer group found that more 2,000 suspected banking copycat websites were reported last year and called for tougher action against the potential fraud sites.

Researchers working with the DNS Research Federation (DNSRF) to check industry blocklists – lists of websites that have been reported as hosting illegal content – found sites posing as major UK banking brands littered amongst them.

The DNSRF found that more than 2,000 URLs containing the specified UK bank brands were reported to a phishing blocklist in 2023. Phishing refers to when attackers send scam messages that contain links to malicious websites.

Which? said it is not possible to check if websites already removed were genuinely fraudulent or impersonating banks, with some potentially only being active for days or even hours before their content is wiped.

Which? said politicians must require domain registrars – businesses that supervise the way websites are accessed – to better police the online system to prevent bogus websites from being established.

Rocio Concha, Which? director of policy and advocacy, said: “The next government must make fighting fraud a national priority and place new legal duties on these companies to prevent scammers from setting up these fraudulent copycat websites.”

A government spokesperson said: “Tackling fraud is a priority. Since we published our Fraud Strategy in May, we have launched a national fraud squad, hosted a global summit to tackle the threat, worked with 12 of the biggest tech companies on a new charter and launched the Stop! Think Fraud public awareness campaign.

“The NCSC’s Suspicious Email Reporting Service has also removed more than 168,000 scams from the internet, helping the fightback against fraud.”

Which? have issued their own checklist to help readers spot scams….

• Have you been contacted out of the blue?Cold calls or unexpected emails or messages should raise suspicion, especially if you’re asked to give personal or payment details. It’s very unusual for legitimate organisations to contact you and ask for sensitive information if you’re not expecting them to. If you’re not 100% convinced about the identity of the caller, hang up and contact the company directly.
• Have you been asked to share personal details?Never share your personal details with anyone if you can’t confirm they are who they say they are. Scammers will often try and get valuable personal data from you, and they can use this to steal your money, or even to steal your identity. You should also be wary of anyone who asks you to pay in an unusual way, such as through Western Union or by using Cryptocurrency.
• Are the contact details vague?Scam websites often have vague contact details. Remember that legitimate companies will have a place of business, phone number or email address to contact them on. Sometimes scammers also use premium rate numbers (starting ‘09’) to squeeze every penny they can out of you.
• Are you being asked to keep it secret?It’s important you can discuss any agreements with your friends, family or advisors as outside perspectives can provide valuable voices of reason. Fraudsters use grooming techniques including isolating you so that you don’t tell anyone about the situation you’re in and fall deeper into the scam. Asking you to keep quiet is a way to keep you away from the advice and support you need in making a decision.
• Is the offer too good to be true?Scams will often promise high returns for very little financial commitment. They may even say that a deal is too good to miss. Use your common sense, if a deal seems too good to be true, it inevitably is.
• Are you being pressured to make a decision?Fraudsters often try to hurry your decision making. Don’t let anyone make you feel under pressure – it’s OK to take a break and think things through if you’re not sure. It’s also a common technique for scammers to use a countdown timer on scam websites to pile on further pressure. Genuine companies should always give you time and space to make an informed decision – anyone who tries to rush you should not be trusted.
• Are there spelling and grammar mistakes?Emails or messages littered with spelling and grammar mistakes are a scam giveaway. Legitimate organisations will rarely, if ever, make spelling or grammatical mistakes in their emails to you because they’ve been put together by professionals and checked before they’re sent.