Fake Bank Site Spreads Malware
A warning issued this week about a fake banking website highlights the need for stronger domain-naming practices, especially in the financial space.
On Thursday, the Office of the Comptroller of the Currency issued a warning about helpwithmybank.com, an illegitimate website feigning to offer consumer information about bank accounts and loans.
Once visited, the helpwithmybank.com URL directs users to a legitimate consumer information site, helpwithmybank.gov, attempting to convince users they are connecting to a legitimate site, according to the OCC. But connecting to the fake site before the redirect is believed to expose consumers to malware.
Doug Johnson, vice president and senior adviser of risk management policy for the American Bankers Association, says so-called typo-domains or domains that claim to offer legitimate consumer information in attempts to fool consumers into clicking malicious links are not new. “We have seen them from time to time, even purporting to be ABA,” he says.
The problem is that there is little the banking industry can do to prevent these types of sites from cropping up. It’s relatively easy for fraudsters to register malicious sites under existing Domain Name System, or DNS, standards.
Dave Jevans of the Anti-Phishing Working Group says anywhere from 2,000 to 4,000 fake websites could be online on any given day. “Fake websites continue to be a big problem,” he says. “Many are used in phishing and spear-phishing campaigns.”