April 29, 2024
Targeting the banks: a case study of the UK financial brand abuse domain landscape
Targeting the banks: a case study of the UK financial brand abuse domain landscape

A recent report by consumer watchdog ‘Which?’ highlighted the likely scale of the problem of fraudulent and copycat websites targeting brands in the banking industry. Off the back of this report, we carried out a landscape analysis considering gTLD (i.e. generic extensions such as .com, etc.) domains with names beginning with any of the eight major UK banking brands referenced in the Bank of England’s Resolvability Assessment Framework. This approach (ignoring domains where brand names appear elsewhere in the domain name, unbranded domain names, and other domain-name extensions) will therefore give an extremely conservative view of the full scale of the problem.

Even just using this very simple approach, significant numbers of live, potentially fraudulent sites and other infringements targeting the banking brands were identified. The findings encompassed a range of ‘tiers’ of threat severity, from explicit impersonation and phishing, through the promotion of probable non-legitimate financial schemes, to other potentially unauthorised use of branding (complaints sites, informational content, misdirection of web traffic to third-party content, etc.). Even amongst the large number of additional currently-inactive domains, there is a high potential for fraudulent use and/or subsequent ‘weaponisation’ in scam campaigns. Of additional concern is the fact that some of the high- or intermediate-threat sites have been registered for significant periods of time (up to four years in some cases).

When the analysis is extended to cover ‘fuzzy’ matches to the brand names (i.e. typos and associated variants), a large number of additional examples of concern were again identified, highlighting the extent of this approach (i.e. the use of confusingly similar deceptive brand variants) by fraudsters, and the importance of using a brand-monitoring tool able to capture these examples.

In light of these findings, it would seem that there is a need for increased regulation and legislation in the domain-name-sales industry, since in many cases there is no legitimate reason why a non-brand-owner should be registering large numbers of domains featuring variants of a trusted and rights-protected brand name.

You can read the full report here.

Online Brand Enforcement /  Domains /  Finance

Found this article interesting today?
Send us your thoughts: