I was linked into an online bank account!

24

Comments

  • getoblast
    getoblast Posts: 30 Forumite
    Thanks for your post but it was not a random email.

    Here's the link to the login page at Nationwide;
    https://olb2.nationet.com/
  • getoblast
    getoblast Posts: 30 Forumite
    And here's a screen shot of the word doc... I have smudged some of the account's personal details...

    untitled1hy8.gif
  • save-a-lot
    save-a-lot Posts: 2,809 Forumite
    1,000 Posts Combo Breaker
    Hi

    OK - that looks good -

    http://www.networksolutions.com/whois/results.jsp?domain=nationet.com

    the URL above will take you to the whois record and that looks fine. Massive security hole then by the looks of it.
  • cledor
    cledor Posts: 809 Forumite
    Part of the Furniture Combo Breaker
    getoblast wrote: »
    Thanks for your post but it was not a random email.

    Here's the link to the login page at Nationwide;
    https://***********



    https://************.com....... is the real url for Nationwide Internet Banking, I guess the ID= gives the full login details.
  • save-a-lot
    save-a-lot Posts: 2,809 Forumite
    1,000 Posts Combo Breaker
    report it to Nationwide then... or make sure the account holder does so.
  • getoblast
    getoblast Posts: 30 Forumite
    I wonder what Nationwide might have to say about it...

    It's over to you guys!

    I must log off now as I'm up at 5am, I'll check for updates to this post in the morning.

    Best regards
  • MarkyMarkD
    MarkyMarkD Posts: 9,912 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    If this is true, and it sounds like it, it's a very major security flaw. Internet banking security should check that the IP address you are accessing their site from doesn't change half-way through the transaction!
  • jonnyb
    jonnyb Posts: 600 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    I don't see this as a major security flaw by the bank.

    The only reason that the OP could access the link was because some computer illiterate individual managed to copy and paste a live link from her account page, and send it to him. If she had not done that, there would be no problem.

    If proof of a transaction is needed, what's wrong with getting a pdf print of the page and emailing it?
    Or better still, what's wrong with Paypal? OK it costs but it's less risky than this situation.

    Can anyone else replicate the problem with their own online banking?
    Karma is a wonderful thing. ;)
  • getoblast
    getoblast Posts: 30 Forumite
    Hi, thanks for your input and I can understand what you’re saying, but many people aren’t as computer literate as yourself. There aren’t many who might know how to create a PDF from a web page. I myself might have simply pressed ‘Print Screen’ and pasted the image of the screen to a word doc.

    But surely there’s no harm in copying and pasting text from a webpage? If I was to logon to this forum and then paste to you the link would you be able to post in my name? I would hope not. So how is it that I could access this account?
  • save-a-lot
    save-a-lot Posts: 2,809 Forumite
    1,000 Posts Combo Breaker
    jonnyb wrote: »
    I don't see this as a major security flaw by the bank.

    It is a security flaw, I run some websites and live links to members areas do not allow access to those pages and will redirect the user to the login page. It is open to abuse, so it is in fact a lapse in their security. It is expected that online banking does not have holes in it like this.
This discussion has been closed.
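
The two defences raised in the thread (a pasted link redirecting to the login page, and a check that the client address has not changed), sketched as an added example that is not code from any poster or from the bank. It assumes, as guessed in the thread, that the link carried a session identifier in an `ID=` parameter; `SessionStore`, the handlers, the user name and the addresses are all hypothetical.

```python
import secrets

class SessionStore:
    """Server-side sessions; the token is meant to live in a cookie, not a link."""
    def __init__(self):
        self._sessions = {}  # token -> {"user": ..., "ip": ...}

    def login(self, user, client_ip):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "ip": client_ip}
        return token

    def lookup(self, token, client_ip, bind_ip):
        sess = self._sessions.get(token or "")
        if sess is None:
            return None
        if bind_ip and sess["ip"] != client_ip:
            # Address changed mid-session: drop the session, force a new login.
            del self._sessions[token]
            return None
        return sess["user"]

def respond(user):
    return f"200 statement for {user}" if user else "302 /login"

def handle_weak(store, query, cookies, client_ip):
    # Assumed weak design: the ID= value in the URL is the only credential.
    return respond(store.lookup(query.get("ID"), client_ip, bind_ip=False))

def handle_hardened(store, query, cookies, client_ip):
    # URL parameters are never treated as credentials; only the cookie counts,
    # and the session is tied to the address that logged in.
    return respond(store.lookup(cookies.get("session"), client_ip, bind_ip=True))

def demo():
    store = SessionStore()
    owner_ip, recipient_ip = "198.51.100.7", "203.0.113.9"  # constructed addresses
    token = store.login("account_holder", owner_ip)
    pasted = {"ID": token}  # query string of a link copied from the account page
    return {
        "weak_recipient": handle_weak(store, pasted, {}, recipient_ip),
        "hardened_recipient": handle_hardened(store, pasted, {}, recipient_ip),
        "hardened_owner": handle_hardened(store, {}, {"session": token}, owner_ip),
        "hardened_cookie_other_ip": handle_hardened(store, {}, {"session": token}, recipient_ip),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Strict address binding also logs out legitimate users whose address changes during a session (mobile networks, some proxies), so it is usually paired with a prompt to log in again rather than a silent failure.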