How to know if a Bank website is real or fake

Options
2

Comments

  • TadleyBaggie
    TadleyBaggie Posts: 6,056 Forumite
    First Anniversary Name Dropper First Post
    Options
    !!! wrote: »
    Check the SSL certificate.

    ^^^ this ^^^
  • deadendwaterfall
    deadendwaterfall Posts: 308 Forumite
    First Anniversary Name Dropper First Post
    Options
    !!! wrote: »
    Check the URL.
    Check the SSL certificate.
    I know it would be very hard to do so, but SSL certificates can be faked I think.
    :o
  • fwor
    fwor Posts: 6,810 Forumite
    First Post Name Dropper First Anniversary
    Options
    deadendwaterfall wrote: »
    I know it would be very hard to do so, but SSL certificates can be faked I think.

    Pretty much anything can be faked, can't it? I can make a fake Mona Lisa or a fake £10 note, but is either likely to fool anyone?

    When you look at the cryptographic techniques behind SSL - and the security procedures that surround the issuing of digital certificates which are every bit as important - you'll find a lot of sophisticated design, which most people will be unaware of.

    The infrastructure behind the production of digital certificates has been compromised in the past, but one of the strengths of the system is that it includes a means to distribute revocation lists - which means that when a compromise is discovered it can immediately be neutralised.

    Of course, that's not a perfect system because there will always be a delay between the discovery of a security compromise and the action that negates it - but it does mean that any bad actions ~should~ have short-lived effects.
  • zerog
    zerog Posts: 2,478 Forumite
    Options
    I don't have a full understanding of this, but would it not be possible to have a MITM attack with fake DNS etc?
  • 18cc
    18cc Posts: 2,120 Forumite
    Options
    If you MUST use a desktop to access your bank account then as stated above view the certificate by clicking on the padlock next to the web address - this will tell you the issuer and who it was issued to.

    However, it is much more secure to access your bank account from a smartphone app.
  • [Deleted User]
    [Deleted User] Posts: 0 Newbie
    Name Dropper First Anniversary First Post
    Options
    Don't overthink it - use your browser search, look up the bank name and click on the link that is the site of the bank. DONT use links in emails, advert links in browsers or anything else.

    To be honest, Windows will alert you to a dodgy website very quickly.
  • cloud_dog
    cloud_dog Posts: 6,044 Forumite
    Name Dropper First Post Photogenic First Anniversary
    Options
    This type of question arose in my household a little while ago when we were opening a new savings account for the OH.

    Initially it started off looking for verification of the FSCS guarantee for the organisation and then moved on to how to verify the actual website.

    This was done by stepping through the SSL cert details, undertaking a 'whois' on the domain and reviewing the FCA entry for the organisation. It was the addition of the FCA entry (which I had originally missed) which allowed us to 'close the loop' for the OH.
    Personal Responsibility - Sad but True :D

    Sometimes.... I am like a dog with a bone
  • Brewer20
    Brewer20 Posts: 395 Forumite
    Name Dropper First Anniversary First Post
    edited 20 November 2019 at 1:40PM
    Options
    Padlock sign next to the https:// address usually means it's a safe/secure website, if it hasn't or crossed through then be wary.
    https://www.sitelock.com/blog/is-this-website-safe/
  • fwor
    fwor Posts: 6,810 Forumite
    First Post Name Dropper First Anniversary
    Options
    zerog wrote: »
    I don't have a full understanding of this, but would it not be possible to have a MITM attack with fake DNS etc?

    If you don't have a full understanding then it's probably not useful to start speculating about vulnerabilities, is it?

    Suffice to say that SSL/TLS has been in use for more than 20 years and in that time no fundamental procedural problems have been found. That's not to say that bugs haven't been found in specific software implementations, and the standards have also had to be updated as computing power increases (with the result that some crypto functions are now considered less secure).

    Believe or not, the designers did think about such things as Man In The Middle attacks and DNS poisoning/faking - and a few other naughty things that attackers might do.
  • Eco_Miser
    Eco_Miser Posts: 4,708 Forumite
    Name Dropper First Post First Anniversary Combo Breaker
    Options
    Brewer20 wrote: »
    Padlock sign next to the https:// address usually means it's a safe/secure website, if it hasn't or crossed through then be wary.
    https://www.sitelock.com/blog/is-this-website-safe/
    The padlock just means the link between your browser and the website is secure, it doesn't, of itself, say that the website isn't fake.
    Checking that that SSL certificate was issued to the expected company, by a recognised Certificate Authority does that (mostly).
    Eco Miser
    Saving money for well over half a century
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.3K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.3K Work, Benefits & Business
  • 608.1K Mortgages, Homes & Bills
  • 173.1K Life & Family
  • 248K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards