Key Takeaway:
Banking scams are on the rise, with fake websites, phishing ads, and fraudulent apps costing consumers hundreds of millions of pounds each year. As we’ll discuss, organizations need digital risk protection tools to protect financial institutions and their clients.
Scammers find ways to target banks, and their clients, no matter how hard we fight back. With new banking scams on the rise, we need a new approach to protecting legitimate businesses and innocent consumers who just want to manage their finances online. Sadly, UK Finance data shows that fraud losses reached £629 million in just the first six months of 2025, with investment scam losses alone surging 55% year-on-year to £97.7 million during that period. These figures add up to over £500,000 stolen every single day. Behind these numbers are thousands of people who trusted what looked like a legitimate bank website, clicked a convincing ad, or downloaded an app that looked like their financial provider.
With a problem at this scale, regulators can’t help but take notice. The Financial Conduct Authority (FCA) suspended, removed or blocked over 1,600 websites suspected of promoting financial services without permission in 2024, and intervened on nearly 20,000 non-compliant financial promotions, compared to fewer than 600 in 2021. However, the number of banking scams that evade detection and successfully hit their targets means that organizations must do more to take control of the evolving threat landscape.

In this article, we cover the key tactics fraudsters use to impersonate banks and other financial institutions: fake websites, social media ads, phishing attacks, investment fraud, and domain abuse. We also look at how financial organisations can use digital risk protection (DRP) to fight back. If you want to see what that looks like in practice, book a DRP demo and we can walk you through it.
The Surge in Fake Financial Websites and Banking Scams
Fake websites represent one of the most common tools in a financial fraudster’s kit. They are cheap to build, fast to deploy, and surprisingly convincing. Criminals register lookalike domains and copy official branding, using them to harvest credentials, redirect payments, or build trust before executing a scam.
Fake websites targeting financial consumers frequently impersonate real brands down to the colour scheme, logo, and page layout. In phishing campaigns targeting Canadian banking customers, researchers found Instagram ads directing users to counterfeit domains built to mimic legitimate bank login pages and capture credentials. The domain RBCpromos1[.]cfd presents another good example: professional-looking enough to deceive, but completely unaffiliated with any real bank. Many users never check the address bar, or skim over it, not noticing the risks until it’s too late.
Fake Ads on Social Media: A Growing Attack Surface for Banking Scams
To click on a fake website, you have to search it up and find it. Unless, of course, it comes to you, in the form of a social media ad campaign. Fraudsters run paid ads that impersonate financial brands, reach highly targeted audiences, and disappear before platforms can act. The combination of precise targeting, cheap ad inventory, and trusting users makes this approach highly effective.
Researchers recently highlighted Instagram ads that mimicked a real bank’s branding, and led straight to phishing pages or data-harvesting forms. One campaign fabricated an entire persona around a Chief Investment Strategist, running ads styled as credible investment advice from a named senior banking expert. The ads drove users toward a private WhatsApp investment group, a classic social engineering tactic.
What makes these campaigns especially difficult to counter is the infrastructure behind them. The Facebook page used in one campaign had existed since October 2023 but contained only two posts, suggesting it was a repurposed stolen account, given age and follower count to appear credible. Fraudsters increasingly repurpose aged social media pages and old domains to bypass the red flags that come with newly registered accounts. Even after the fraudulent ads were reported to Instagram, they continued to appear for several days, illustrating the operational delays that give scammers room to maneuver and strike their victims.
Phishing Attacks That Impersonate Banks
Phishing attacks exploit the hard-earned trust between people and their banks. A convincing email, SMS, or ad from a trusted institution can bypass even cautious users, particularly when it arrives through a channel they believe in, direct to their email address.

Modern banking phishing attacks have evolved far beyond crude mass emails. Campaigns now use AI-generated videos of real executives to add credibility. For example, a deepfaked chief strategist promotes a fake investment group, leading visitors astray. These tactics raise the bar for distinguishing real from fake, demonstrating that the eye test is no longer enough to keep us safe online.
Mobile banking also expands the attack surface for modern banking scams. Fake apps mimic real banks and investment companies on app stores, capturing login credentials, intercepting two-factor authentication codes, and monitoring transactions in real time. For banks, fake app attacks undermine customer trust and well-being, while obstructing online revenue. Every customer defrauded by a fake app is a customer who will blame their bank for failing to protect them.
Investment Schemes, Fake Crypto, and the Promise of Big Returns
Investment fraud is one of the fastest-growing categories of banking scams in the UK. UK Finance data shows investment scam losses hit £97.7 million in the first half of 2025, up 55% year-on-year, and industry intelligence points to cryptocurrency-related fraud as the dominant driver. Criminals increasingly promise high returns from elaborate fake platforms, then vanish as soon as deposits hit the accounts.
Scammers promise returns that legitimate investments cannot match, combined with a digital front that looks professional enough to be credible. To fight back against these deceptive claims, financial institutions must actively monitor for fake investment platforms that use their branding. Monitoring and identifying these impersonations helps you close their operational window, and shut them down as soon as they appear.
Typosquatting, Domain Abuse, and the Case for .Bank and .Finance
Domain abuse sits at the heart of most banking scams. Fraudsters most commonly use a tactic called typosquatting, registering domains that closely resemble a real bank’s web address to catch users who mistype a URL or click a spoofed link. They register hundreds of variations on real bank domains every month, specifically to intercept traffic and harvest credentials.
Most banks and financial services companies operate on .com, where the bulk of traffic (and the bulk of typosquatting) occurs. However, scammers also exploit sector-specific extensions like .bank and .finance domains. ICANN authorized the .bank TLD in September 2014, and it launched in May 2015, built exclusively for the banking community with verified identity requirements before anyone can register a domain. Financial institutions also use the .finance extension as a credible, sector-specific option.
Concerningly enough, scammers also target these domains with fake websites and lookalike login pages. A fraudster who secures a .bank or .finance domain gains an instant credibility boost when customers associate these extensions with legitimate financial services. Rather than raising red flags, a .bank or .finance domain can actually lower a target’s guard.
Financial institutions need to patrol far beyond the .com. Banks should actively monitor .bank, .finance, and other relevant TLDs for lookalike registrations that could support impersonation campaigns. Defensive domain registrations might also help secure the digital landscape, securing their brand name across these extensions before a scammer does. You can also explore domain blocking services like GlobalBlock that stop bad actors from registering a brand name in certain TLD categories altogether.
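One way to run the lookalike monitoring described above over a feed of newly observed registrations. This is an added example, not code from the article or from any vendor; the brand label examplebank, the owned-domain list, the confusable map and the sample feed are all constructed, and it assumes each entry is a plain label.tld domain.

```python
import unicodedata
BRAND = "examplebank"                            # hypothetical brand label
OWNED = {"examplebank.com", "examplebank.bank"}  # assumed already held by the bank
SECTOR_TLDS = {"bank", "finance"}                # extensions that can lower a target's guard
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",  # constructed confusable map
                      "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"})
# Constructed sample of newly observed registrations (not real data).
FEED = ["examplebank.com", "exampelbank.com", "examp1ebank.com", "ex\u0430mplebank.com",
        "examplebank-promos1.cfd", "examplebnk.finance", "examplebank.finance", "samplebakery.com"]

def skeleton(label):
    """Comparison form of a label: NFKC, lower-case, confusables folded, hyphens dropped."""
    folded = unicodedata.normalize("NFKC", label).lower().translate(FOLD)
    return folded.replace("rn", "m").replace("vv", "w").replace("-", "")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return (verdict, priority) for a registered domain of the form label.tld."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED:
        return ("owned", "none")
    label, _, tld = domain.rpartition(".")
    skel, brand = skeleton(label), skeleton(BRAND)
    if label == BRAND:
        verdict = "brand-on-unowned-tld"   # candidate for defensive registration
    elif skel == brand:
        verdict = "confusable"             # digit or look-alike character swap
    elif osa_distance(skel, brand) <= 2:   # threshold suits an 11-letter brand
        verdict = "typosquat"
    elif brand in skel:
        verdict = "brand-embedded"         # brand plus extra words, e.g. "-promos1"
    else:
        return ("clear", "none")
    return (verdict, "high" if tld in SECTOR_TLDS else "normal")

def triage(feed):
    """Drop owned and clear domains; list the rest with sector-TLD hits first."""
    hits = [(d, *classify(d)) for d in feed]
    return sorted((h for h in hits if h[1] not in ("owned", "clear")), key=lambda h: h[2] != "high")
```

Calling triage(FEED) returns six of the eight sample domains, with the two .finance hits at the top of the list.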
How to Fight Back: Cyber Threat Intelligence, AI, and Digital Risk Protection
Addressing banking scams at scale requires moving from reactive takedowns to proactive intelligence. Cyber threat intelligence (CTI) gives security teams visibility into threats before they reach customers: newly registered lookalike domains, fake social media profiles, fraudulent apps in development, and phishing kits circulating on criminal forums. Considering the scale of new threat signals online, security teams need all the tools available in order to stop the spread of scams.

While AI and LLMs add a lot to the threat landscape, they also come in handy when it comes to killing the noise. Rather than routing thousands of raw alerts to analysts, modern risk protection platforms use AI to triage, score, and contextualize signals, surfacing only the threats that warrant human attention. An AI system can assess whether a newly registered domain is a genuine typosquatting risk, correlate it with related infrastructure, and flag it with enough context for a security analyst to act immediately rather than spend time on preliminary investigation.
Conclusion: Banking on Risk Protection
Banking scams seem sophisticated, fast-moving, and financially devastating. Evolving scam tactics work together to erode customer bases and drain funds from innocent, trusting victims. With millions on the line, the pressure’s on.
Forward-thinking banks act proactively, anticipating and mitigating threats before they propagate. With the right tools, you can cut through the noise, and take down fraudulent infrastructure before it causes harm. See what digital risk protection looks like in progress, and protect your future with a free demo right here.