The consumer champion asked the DNS Research Federation (DNSRF) to check industry blocklists – lists of websites that have been reported as hosting illegal content.
It provided DNSRF with a list of major UK banking brands and it scoured a specialist phishing blocklist for sites reported in 2023 that had the names of those banks somewhere in their web address.
The DNSRF found that more than 2,000 URLs containing the specified UK bank brands were reported to a phishing blocklist in 2023.
Copycat banking websites masquerade as real banks to try and trick people into handing over their personal details and cash.
Which? said it is not possible to check if websites that have already been removed were genuinely fraudulent or impersonating banks, with some potentially only being active for days or even hours before their content is wiped.
With limited time to introduce legislation before the next general election, Which? will be calling for whichever party wins to place a duty on domain registrars to prevent scammers from setting up fraudulent websites.
Rocio Concha, Which? director of policy and advocacy, said: “With an election just around the corner, the next government must make fighting fraud a national priority, and place new legal duties on these companies to prevent scammers from setting up these fraudulent copycat websites.”
Which? approached major banks for comments.
An HSBC UK spokesperson said: “Protecting customers and their money online is an absolute priority for us, so we continually monitor for malicious domain registrations and hosting activity, taking any appropriate enforcement action in a timely manner.”
Liz Ziegler, fraud prevention director at Lloyds Bank, said: “Protecting our customers from fraud is our priority and we use the latest technology to actively search for fake websites, as well as responding to intelligence received from third parties.
“We take the appropriate steps to have fake websites removed, where necessary working with partners across law enforcement, the finance industry and tech sector.”
NatWest Group told Which? that it employs a specialist takedown provider to guard against copycat websites, as well as working directly with internet service providers.
Santander said: “We have a range of measures to keep customers safe, including sophisticated tools to detect and take down fake Santander websites.”
A government spokesperson said: “Tackling fraud is a priority. Since we published our Fraud Strategy in May, we have launched a national fraud squad, hosted a global summit to tackle the threat, worked with 12 of the biggest tech companies on a new charter and launched the Stop! Think Fraud public awareness campaign.
“The NCSC’s Suspicious Email Reporting Service has also removed more than 168,000 scams from the internet, helping the fightback against fraud.”