For every FTSE100 company site there are five fakes

A large number of UK's FTSE100 companies are wide open to cyber-attacks, after domain spoofing and corporate emails were discovered.

Threat intelligence platform provider Anomali reported on Wednesday that 81 of Financial Times Stock Exchange 100 companies have had potentially malicious domain registrations against them. That means cyber-criminals could create fake websites of those companies and trick people into giving them private information, including financial data.

The company also discovered that 5,275 employee email and clear text password combinations have been found on a 'number of sites' where they could easily be taken and either sold or abused.

“Cyber-crime is rising at an astonishing rate, and it’s now a board-level issue for businesses,” said Jamie Stone, VP of EMEA of Anomali.

“Nevertheless, the evidence gathered across our threat intelligence platforms demonstrates that some basic security measures are not being adopted or followed at some of the largest and most prominent companies in the UK. The results of the report should be a wake-up call for these organisations, highlighting just how vulnerable they are in ways they might not even have considered.”

The report, entitled The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures, says there have been 527 fake domain names registered in the last three months (on 100 companies), with some being so close to the real thing that people could easily be fooled into thinking the sites were legitimate.

The majority of these suspicious domains were registered using a Chinese address, followed by the US and Panama.

Photo credit: Stuart Miles / Shutterstock