How to know if a Bank website is real or fake
deadendwaterfall wrote: »I know it would be very hard to do so, but SSL certificates can be faked I think.
Pretty much anything can be faked, can't it? I can make a fake Mona Lisa or a fake £10 note, but is either likely to fool anyone?
When you look at the cryptographic techniques behind SSL - and the security procedures that surround the issuing of digital certificates which are every bit as important - you'll find a lot of sophisticated design, which most people will be unaware of.
The infrastructure behind the production of digital certificates has been compromised in the past, but one of the strengths of the system is that it includes a means to distribute revocation lists - which means that when a compromise is discovered it can immediately be neutralised.
Of course, that's not a perfect system because there will always be a delay between the discovery of a security compromise and the action that negates it - but it does mean that any bad actions ~should~ have short-lived effects.
-
I don't have a full understanding of this, but would it not be possible to have a MITM attack with fake DNS etc?
-
If you MUST use a desktop to access your bank account then as stated above view the certificate by clicking on the padlock next to the web address - this will tell you the issuer and who it was issued to.
However, it is much more secure to access your bank account from a smartphone app.
-
Don't overthink it - use your browser search, look up the bank name and click on the link that is the site of the bank. DON'T use links in emails, advert links in browsers or anything else.
To be honest, Windows will alert you to a dodgy website very quickly.
-
This type of question arose in my household a little while ago when we were opening a new savings account for the OH.
Initially it started off looking for verification of the FSCS guarantee for the organisation and then moved on to how to verify the actual website.
This was done by stepping through the SSL cert details, undertaking a 'whois' on the domain and reviewing the FCA entry for the organisation. It was the addition of the FCA entry (which I had originally missed) which allowed us to 'close the loop' for the OH.
Personal Responsibility - Sad but True
Sometimes.... I am like a dog with a bone
-
Padlock sign next to the https:// address usually means it's a safe/secure website, if it hasn't or crossed through then be wary.
https://www.sitelock.com/blog/is-this-website-safe/
-
I don't have a full understanding of this, but would it not be possible to have a MITM attack with fake DNS etc?
If you don't have a full understanding then it's probably not useful to start speculating about vulnerabilities, is it?
Suffice to say that SSL/TLS has been in use for more than 20 years and in that time no fundamental procedural problems have been found. That's not to say that bugs haven't been found in specific software implementations, and the standards have also had to be updated as computing power increases (with the result that some crypto functions are now considered less secure).
Believe it or not, the designers did think about such things as Man In The Middle attacks and DNS poisoning/faking - and a few other naughty things that attackers might do.
-
Padlock sign next to the https:// address usually means it's a safe/secure website, if it hasn't or crossed through then be wary.
https://www.sitelock.com/blog/is-this-website-safe/
Checking that that SSL certificate was issued to the expected company, by a recognised Certificate Authority does that (mostly).
Eco Miser
Saving money for well over half a century
This discussion has been closed.
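The padlock check several posts in this thread describe (who the certificate was issued to, and by which authority) can also be done in a script. This Python sketch is an added example, not part of any poster's reply; the host name, organisation and CA in SAMPLE are constructed, and the function names are this example's own.

```python
import socket
import ssl
import time

def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the certificate; the default context rejects untrusted chains."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def _field(rdns, name):
    """First value of `name` in a getpeercert() subject or issuer tuple."""
    for rdn in rdns:
        for key, value in rdn:
            if key == name:
                return value
    return None

def summarise(cert, hostname, expected_org, now=None):
    """Report who the certificate was issued to, by whom, and any mismatch."""
    now = time.time() if now is None else now
    org = _field(cert.get("subject", ()), "organizationName")
    issuer = _field(cert.get("issuer", ()), "organizationName")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    host = hostname.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    # A wildcard such as *.bank.example covers exactly one extra label.
    covered = host in names or (parent is not None and "*." + parent in names)
    problems = []
    if not covered:
        problems.append("hostname not listed in certificate")
    if org is None:
        problems.append("no organisation in certificate (domain-validated only)")
    elif org.lower() != expected_org.lower():
        problems.append(f"issued to {org!r}, expected {expected_org!r}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("certificate expired")
    return {"issued_to": org, "issuer": issuer, "problems": problems}

# Constructed sample in the shape getpeercert() returns; not a real bank or CA.
SAMPLE = {
    "subject": ((("organizationName", "Example Bank plc"),),
                (("commonName", "www.examplebank.example"),)),
    "issuer": ((("organizationName", "Constructed Test CA"),),),
    "subjectAltName": (("DNS", "examplebank.example"),
                       ("DNS", "*.examplebank.example")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
```

`fetch_cert` needs a network connection; `summarise` works on any dictionary in that shape. A certificate with no organisation field only proves control of the domain, which is where the FCA register cross-check mentioned in the thread comes in.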