
Typosquatting Data Feed Can Enhance Lloyds Bank’s Typosquatting Protection


Typosquatting is among the cybersecurity threats that deserve a closer look in the financial sector. In fact, the early detection of typosquatting domains can help financial institutions steer away from cyber risks that could cause much damage. But to what extent is this the case?

Typosquatting domains that mimic the domain names of banks and other financial institutions have continuously been detected by the Typosquatting Data Feed. An example of this involves Lloyds Bank, a commercial bank headquartered in the U.K. The bank has over 10 million clients across 1,100 branches all over England and Wales. Even a small percentage of the bank’s clientele falling victim to typosquatting domains would thus be damaging.

Lloyds Bank Typosquatting Domains

The Typosquatting Data Feed was able to detect Lloyds Bank-inspired domain names a few hours after they appeared in the Domain Name System. Detection is, therefore, almost in real time. When the feed is integrated into security systems, cyber incident response teams can also take action immediately, even before threat actors can start using the typosquatting domains. As such, intelligence from the Typosquatting Data Feed can help organizations fight phishing and malware attacks.

From October 2019 to April 2020, the typosquatting protection database detected a total of 93 newly registered domains (NRDs) that use the words “lloyds bank.” A few examples were boxed in red in the screenshot below. The data boxed in blue indicates the date when they appeared in the daily data feeds, mostly up to 24 hours from their registration dates. Forty-nine of the domains detected were reported on X-Force Early Warning but not until 6 May.

Comparing the Official Lloyds Bank Domain Infrastructure with Those of the Lookalike Domains

Because Lloyds Banking Group has a holistic cybersecurity approach, one could argue that the bank registered these domain names itself. After all, this is a popular strategy among other well-established banks such as Bank of America, which owns bankofamerika[.]com, bank0famerica[.]com, and other lookalike domains. We can easily check this by comparing the WHOIS records of the bank’s official website with those of the suspected typosquatting domains.

Using WHOIS Lookup, we found that lloydsbank[.]com is under the registrar Ascio Technologies and the registrant organization Lloyds Bank PLC.

Note that the bank’s official website still uses the email domain lloydstsb[.]co[.]uk even though Lloyds Bank split from TSB Bank in 2013 and a Spanish bank bought the latter in 2015. Lloyds Bank also uses these nameservers:

  • ns2[.]lloydstsb[.]co[.]uk
  • ns5[.]lloydstsb[.]net
  • ns7[.]lloydsbanking[.]com
  • ns8[.]lloydsbanking[.]co[.]uk
  • ns9[.]lloydsbanking[.]com

To compare, we ran the typosquatting domains shown above on Bulk WHOIS Lookup and found out that none of them are registered under Lloyds Bank PLC.

A lot of these domains also have their records redacted, and do not even appear to be located in the U.K., where Lloyds Bank is registered and operates.
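The comparison described above can be scripted once WHOIS records have been parsed into fields. The following is an added example, not code from the article or from WhoisXML API; the record layout, the `triage` function, and the sample domains are assumptions constructed for illustration, while the registrant organization and nameservers are the ones the article lists.

```python
OFFICIAL_ORG = "Lloyds Bank PLC"  # registrant organization given in the article
OFFICIAL_NS = ["ns2[.]lloydstsb[.]co[.]uk", "ns5[.]lloydstsb[.]net",
               "ns7[.]lloydsbanking[.]com", "ns8[.]lloydsbanking[.]co[.]uk",
               "ns9[.]lloydsbanking[.]com"]  # nameservers as listed in the article

def refang(host):  # undo "[.]" defanging, drop trailing dot, lowercase
    return host.replace("[.]", ".").strip().rstrip(".").lower()

def norm_org(org):  # case- and punctuation-insensitive organization name
    return " ".join((org or "").lower().replace(".", "").replace(",", "").split())

def triage(record, official_org=OFFICIAL_ORG, official_ns=OFFICIAL_NS):
    """Return (verdict, reasons) for one parsed WHOIS record (a dict)."""
    trusted = {refang(n) for n in official_ns}
    org = norm_org(record.get("registrant_org"))
    ns = {refang(n) for n in record.get("nameservers", [])}
    reasons = []
    if not org or "redacted" in org or "privacy" in org:
        reasons.append("registrant redacted")
    elif org != norm_org(official_org):
        reasons.append("registrant organization differs")
    org_ok = not reasons
    ns_ok = bool(ns) and ns <= trusted
    if not ns_ok:
        reasons.append("nameservers outside official set")
    if (record.get("country") or "").upper() not in ("GB", "UK"):
        reasons.append("registrant country not U.K.")
    if org_ok and ns_ok:
        verdict = "consistent with official"
    elif org_ok:
        # The registrant field is self-declared, so a name match alone proves nothing.
        verdict = "needs review"
    else:
        verdict = "not attributable to the bank"
    return verdict, reasons

# Constructed WHOIS records (hypothetical domains under the reserved .example TLD).
SAMPLES = [
    {"domain": "lloydsbank-login.example", "registrant_org": "REDACTED FOR PRIVACY",
     "nameservers": ["ns1.parking.example"], "country": "PA"},
    {"domain": "lloyds-bank.example", "registrant_org": "Lloyds Bank plc",
     "nameservers": ["NS7.lloydsbanking.com.", "ns2.lloydstsb.co.uk"], "country": "GB"},
    {"domain": "lloydsbnk.example", "registrant_org": "Lloyds Bank PLC",
     "nameservers": ["ns1.hosting.example"], "country": "GB"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["domain"], *triage(rec), sep=" | ")
```

A record that matches on organization name but resolves through unrelated nameservers is held for review rather than cleared, since the registrant field is supplied by whoever registers the domain.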

What Can Lloyds Bank Do to Enhance Its Typosquatting Protection?

A bank as large as Lloyds Bank can’t afford leniency with its typosquatting protection strategy. It has almost 2,000 domain names registered under Lloyds Bank PLC, as we found out with the help of Reverse WHOIS Search. We used the following search terms to build a comprehensive reverse WHOIS search report:

  • Registrant organization: Lloyds Bank PLC
  • Street address: 25 Gresham Street
  • Country: U.K.

But if the typosquatting domains detected by the Typosquatting Data Feed are any indication, Lloyds Bank needs to do some real-time monitoring. When we added a date filter to our search parameters, we found only three domains registered between 1 October 2019 and 6 June 2020.


We can’t say for sure that Lloyds Bank doesn’t own any of the 93 domain names cited above. But if the bank indeed doesn’t own them, there is a good chance that these could figure in phishing attacks and business email compromise (BEC) scams. Lloyds Bank’s clients could be tricked into giving out sensitive information, while its partners and suppliers may also become victims of BEC scams.

Reverse WHOIS Search also reveals that the bank has only registered three lookalike domains in the past seven months, even as the Typosquatting Data Feed detected 93 as of 30 April.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
