Argh.
The front page of Halifax's online banking has an extravagantly stupid 'feature'.
Somehow, they have managed to publish their warnings about phishing attacks so that they look like, well, a bit of a phishing attack!
It starts here:
If you try and follow the 'Security guarantee: Read more' link (really some Javascript, not a real link), you get a slightly odd popup warning:
Please be aware that by selecting this link you will be leaving Online Services which is a secure site.
Not all of the outbound links on the page have this 'feature'. It's a fine thing to train users to believe messages about security that are boinked up by Javascript.
Hit OK, and you get the following, astonishingly stupid page, where they've deliberately removed the address bar:
How can a bank be so mind-numbingly stupid? They're making it much easier to scam their customers, and harder for the rest of us to educate users to be wary of this kind of thing, and to check the status bar and address bar for what pages they are going to. Most of the links on the online banking front page use javascript, and deliberately blank the status bar. Argh!
(It's also annoying that they use about two dozen different domains, which makes registering a plausible-looking domain a total doddle. 'hbos-secure.co.uk', anyone?)
Tagged: Rants, Fuckwittage, Security, Technology, Web
Posted at 19:23 GMT, 5th February 2008.
No comments. Add one.