We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is this a scam
hansi
Posts: 3,001 Forumite
Had a reminder from British Rail to renew my Railcard. When I clicked on the link, I got "There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
[IMG]res://ieframe.dll/green_shield.png[/IMG][URL="javascript:closePage()"]Click here to close this webpage.[/URL]
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
[IMG]res://ieframe.dll/green_shield.png[/IMG][URL="javascript:closePage()"]Click here to close this webpage.[/URL]
0
Comments
-
If it looks like a scam, feels like a scam, it probably is a scam .....
Steer clear for the time being0 -
You have to look at the details when these warnings popup.
What happens in most cases is that the certificate was issued to a specific name originally. Ie. www.railcards.co.uk. Not a generic organization Ie, Railcards UK.
Then a year later when the certificate comes up for renewal, someone changes the name on the application to Ie. server1.railcards.co.uk. probably because they expanded their computer farm and there is now a "server2" which required its own certificate.
The change from "www" to "server1" trips the warning because the cached copy of the original certificate somewhere still says "www".
When you look into the details of the warning you will see that it is still the same company, and company contact and registration information, just a change in the server's name.
But of course, err on the side of caution unless you know exactly what you are looking at naturally.
The last dozen or so warnings that I have come across have all been simple server name changes. In the last ten years I can only remember one actual attempt at a faked certificate and that was a pretty bad attempt at that.
PS. Had a look at the certificate for https://www.railcards-online2.co.uk which is the purchasing server for Railcards.co.uk and their certificate was re-issued on Dec 1st 2008.
If you want to see the details of the certificate after you have closed all of the windows. Go back to the site and attempt to purchase something.
In Firefox look for the little gold coloured lock in the bottom right corner of the screen. Click on it and the option to view the certificate details comes up.
In Internet Explorer the little Gold coloured lock is at the end of the address bar.0 -
Thanks. I just went direct to the railcard site and renewed from there.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.6K Work, Benefits & Business
- 600K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards