Bank website cloning scams – how to spot the signs

Over the course of lockdown, there has been a significant uplift in banking scams. As well as an increase in volume, we’re seeing a wider range of sophisticated scams emerge, as criminals find new innovative ways to trick unsuspecting victims into sharing private information.

One type of scam the financial industry has seen increase over the course of the pandemic is bank website cloning. As the name would suggest, this involves a fraudster imitating a financial provider by ‘cloning’ their website or using their brand name.

The FCA website has lots of information and advice to help you keep safe online and to help make sure the sites you’re using are genuine. Here are a few tips to help you navigate the web with peace of mind.

What is a cloning scam?

There are two variations to this type of scam. In some cases, the fraudster creates a ‘fake’ website and log-in page that looks like a bank’s own site.  With this type of scam, criminals will often emulate the websites of large high street banks, and target customers using fake phishing emails that include a link to the fake site.

A phishing email is a fake email sent by a scammer with the purpose of seeking to emulate a genuine company, such as your bank, in order to trick you into passing on personal information. This can involve account details or log-in information.

Another variation of this scam is where criminals set up a website under the same name as a financial institution, but without necessarily using the same branding. The fraudsters are exploiting the status and reputation associated with a bank’s name, while also counting on new customers assuming they are dealing with the correct institution.

Most financial providers including Paragon Bank have found themselves the target of both types of cloning scam, so it’s important you take precautions to always make sure you are accessing our website.

With both variations of this scam, the criminals will often advertise on search engines and on social media. While many customers know to be suspicious of phishing emails, they are sometimes less likely to be vigilant when using search engines or social media. This is something fraudsters are well aware of and seek to exploit.

How can you protect yourself from cloning scams?

There are a few steps you can take to protect yourself from clone scams.

  1. Always make sure you’re using the correct details when contacting your bank 

The FCA regularly publishes warnings of cloned site details.  If you’re unsure you’re dealing with your bank’s genuine site, you can head to the FCA’s website in order to check its validity.

Another way you can keep yourself safe is by looking out for the padlock sign in the address bar. When you click through to a genuine site, including ours, you’ll see a little padlock sign in the top left corner. If this is missing, there’s a good chance the site you’re dealing with is fraudulent and should be reported.

  1. Be careful with social media and online ads 

Of course, some ads are genuine as numerous financial institutions use digital advertising. However, because those tools are also used by fraudsters, it’s important to be vigilant. Genuine ads will link through to a bank’s official website, so always check you’re in the right place.

  1. Be wary of unexpected emails 

Most people have received phishing emails at some point, and they’re easy to spot when they’re from a bank you don’t hold an account with. However, it gets trickier when the fraudsters get it right and send you an email from a provider you have dealings with! Remember that if you receive emails with click-through links, those should be ignored. If you feel suspicious, just call your bank to check the validity of an email before actioning anything.

On its website, the FCA outlines some recommendations to help you protect yourself from cloning scams, so it’s also worth familiarising yourself with that advice.

If at any point you become suspicious that the firm you’re dealing with might be a fraudster, please do cease contact with them as soon as possible and report this activity to the provider and to the FCA.

Scroll to Top