Protecting yourself from bank imitation websites

Keeping you and your money safe is our top priority, and we have stringent safeguarding measures in place to help protect all our customers. But there are also steps you need to take to protect yourself from fraud.

To help you identify potential scams and stay safe, we’re publishing a series of articles on fraud protection. This article looks at falsified websites that imitate online banking.

What is a bank imitation website scam?

Bank imitation website scams, also known as a copycat or impersonation scams, occur when scammers create fraudulent websites that mimic legitimate banking websites. These scams typically target unsuspecting bank customers by luring them to enter sensitive financial information, such as account numbers, passwords, and personal details, under false pretences.

Scammers use various tactics to deceive individuals into visiting these imitation websites, such as sending phishing emails or text messages that appear to be from the bank, containing links to the fake sites. Once on the imitation website, users may be prompted to log in or provide personal information, which is then harvested by the scammers.

The collected information is then used for identity theft, unauthorised access to bank accounts, or other fraudulent activities, putting victims at risk of financial loss and identity fraud.

An example of a bank imitation scam

Alex frequently checks and manages his finances online. He is home one afternoon catching up on some personal tasks.

Posing as a representative of Alex’s bank, Sophia, an online scammer, sends Alex an email informing him that a security breach has taken place. The email prompts him to urgently update his account information by clicking on a link provided within the email.

At first glance the email appears legitimate, and feeling somewhat distressed with the possibility that someone may have access to his personal funds, Alex rushes into clicking the link. He is redirected to a website that looks identical to his bank’s official site. Alex enters his personal details into the false website, hoping to resolve the supposed suspicious activity.

Unbeknownst to Alex, the website that he entered his information into was actually an imitation bank website set up by Sophia, the scammer. Alex’s personal information, including his bank account credentials, are now in Sophia’s hands.

Alex realises too late that he should have been more cautious and sceptical of the email he received. He has now become a victim of identity theft and must take immediate action to secure his accounts and report the scam to his bank, as well as other relevant authorities.

Five tips on how to protect yourself from bank imitation websites

1. Be sceptical of unsolicited communication

Be cautious of unsolicited emails, text messages, or phone calls claiming to be from your bank. Scammers often use these methods to lure victims to fake websites.

If you receive such communication, independently verify its authenticity by contacting your bank directly using trusted contact information, especially if the communication is unexpected.

2. Verify website authenticity

Before entering any personal or financial information online, ensure that you are on the legitimate website of your bank.

Check the website’s URL for spelling errors, unusual domains, or inconsistencies. Legitimate bank websites typically use secure connections (HTTPS) and display a padlock icon in the address bar.

3. Avoid clicking on suspicious links

Avoid clicking on links provided in emails or text messages, especially if they urge you to update your account information or verify your identity.

Instead, manually type the bank’s website address into your browser or use a bookmarked link from a trusted source.

4. Educate yourself about phishing signs

Learn to recognise common signs of phishing attempts, such as grammatical errors, generic greetings, and requests for sensitive information.

Be particularly wary of unexpected requests for passwords, PINs, or other confidential information.

5. Use Two-Factor Authentication (2FA)

Enable two-factor authentication whenever possible for your online banking accounts.

This adds an extra layer of security by requiring a second form of verification, such as a one-time code sent to your mobile device, in addition to your password.

Additionally, staying informed about the latest security practices, being mindful of the information you share online, and promptly reporting any suspicious activity to your bank can contribute to overall security. Regularly update your passwords and review privacy settings on your accounts to improve your overall cybersecurity.

If someone targets you

If you suspect you are being targeted or have fallen victim to a bank imitation scam, it’s crucial to take immediate action to mitigate potential damage and secure your accounts. You can report it to Action Fraud by calling 0300 123 2040 or by using their online reporting tool, and you can report it to the FCA.

Another vital immediate response would be to contact your bank as soon as possible. Informing your bank about any suspected fraudulent attacks will allow an initial closure of the account, thereby limiting the scammers actions.

Informing other relevant parties, such as financial institutions, credit card companies and any other relevant service providers will also enable you to take additional steps to secure your accounts, as well as helping you to monitor any suspicious activity in the first instance.

If you’ve been a victim, you can also get free specialist help from Victim Support.

More information on bank imitation websites

Some of the organisations and websites we’ve listed above provide a treasure trove of information, guidance and resources. You can also use a domain checker site, such as who.is to view a sites registration history.

Newly created websites are unlikely to be legitimate for well-established banks, so consider double checking a suspicious sites birthday before falling into any fraudulent traps. You can also report dodgy websites using these services, which will help others avoid falling prey to them.

Additionally, imitation websites can also be reported to the National Cyber Security Centre.

As well as checking the FCA’s Register and Warning List, you can also find other information for consumers and firms on the FCA website.

Action Fraud, the UK’s cybercrime reporting centre, also has plenty of useful resources – as does Victim Support.

Finally, we’re always more than happy to help our customers. If you’ve got any concerns or questions about the security of your Currencies Direct funds, or need guidance in relation to a transfer, please do get in touch.

You might also want to read our article on identity fraud, as the two types of scams share some similarities regarding the exploitation of an individual’s personal data.