15 Oct 2002
The UK's National Criminal Intelligence Service (NCIS) is warning firms to educate customers about the dangers of bogus Web sites, following news that victims have lost thousands of pounds to a fraudulent banking site.
Experts are also warning firms to ensure that they take action to limit the damage caused by criminals exploiting domain names that are similar to official Web sites.
Further reading
Under the latest scam, criminals set up a bogus site under a domain name similar to that of a UK bank. The fraudsters then set up fake bank account pages for each victim, making them believe that they are about to receive a huge cash sum. Two Canadians lost almost £65,000 between them, while an earlier ruse involving a site resembling that of the Reserve Bank of South Africa cost one UK victim £130,000.
The latest incident has prompted the NCIS, which is investigating the fraud, to ask companies to take more preventative action. An NCIS spokesman advised firms to buy up Internet addresses that are similar to or variations of their own. He said they should also manage their domain names more carefully, monitoring use of their name on the Internet.
"With this bank, it thought it had bought all the relevant URLs, but there was one it had missed," said the spokesman. He advised firms to educate their customers about the scams to look out for and to encourage users to check new domain names with the companies concerned.
But Ken Sorrie, director at domain registrar Internetters, said the strategy of registering multiple variations does not mean firms can then become complacent. "The worst thing that could happen is for a domain name to expire, and be snapped up by someone else," he warned. "The new registrant could create a site with the domain name and have a ready stream of visitors believing they have arrived at the legitimate site, and therefore willing to impart their confidential details."
The NCIS spokesman added that ISPs and registrars could also help to combat fraud. He argued that ISPs should do more to limit the number of bulk emails sent out, since such emails can be used by crooks to attract victims, as in the recent Nigerian email scams. "There may also be an argument for more regulation over what domain name you can register," he added.
Some banks are already taking steps to educate customers on safe Internet usage. The log-in site for HSBC's Internet bank has a warning about the BugBear virus.
Have your say: contact IT Week
Have your say on this article
Newsletters
Latest stories from Hacking
Latest videos
You may also like
Hacking jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
