Fake HSBC login site ???

After making a payment (internet banking) for the flash and memory card I bought from the forum, my wife asked if she can use the PC, so I went upstairs and switched my laptop and attempted to login with HSBC and this is what appeared:


Removed Image

I thought the website looked different and why is it asking all of my information, the website doesn't show "https" (with "S") and there's no padlock sign. I scanned my laptop and the antivirus caught a malicious java script, deleted it, and now I get the correct HSBC page! Phew!
 
Well done for spotting the lack of S after http :clap:

It's a dead giveaway :)
 
What's the significance of the s?

- HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.
HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. Unless a different port is specified, HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.

Suppose you visit a Web site to view their online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send," to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.

The effectiveness of HTTPS can be limited by poor implementation of browser or server software or a lack of support for some algorithms. Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination, it is only as secure as the host computer. According to security expert Gene Spafford, that level of security is analogous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

HTTPS is not to be confused with S-HTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT.
 
But if you input your "IB" account and hit log on, there will be a second page with the "HTTPS" and you will need to input date of birth and random password digits, the one I posted is asking for all complete information, and it's all in the front page too.

At the end of the day, if it says http://www.hsbc.co.uk then that's where it's coming from. So it must be an HSBC page I would say. Not sure why they asked for all that info though, must have been a mistake on their part.
 
What's the significance of the s?

the s stands for SECURE :)

so if you see http it's an unsecure site and if it's a banking site proceed with caution! However if it's an https, it is a secure site and you should be safe :)
 
Here you go legit second login page:

Removed Image
 
You should delete your IB number; they're one step into the security of your login already with that pic posted up.
 
Pretty sure it's not fine and you did exactly the right thing by stopping and running AV.

Ten years ago (for Y2K) I wrote a secure application which was used by the utility providers (gas and electric) to provide status information to senior government personnel. We rejected Javascript as part of the authentication process and forced all input verification to be done on the server and forced all log-in pages to be refreshed from the server (any client side cached pages expired as soon as they were cached). Only when the input format was verified on the server was the input passed on for authentication. We did this to avoid exactly the type of spoofing you are seeing here.

What this means is that unless you are 100% confident that your login is secure and that the information you are being asked to provide is exactly as you would usually expect then do not login.

What this demonstrates is that the phishing merchants have taken their game to a new level and unless you are absolutely sure that your machine is clean and the page is genuine then do not login.

The silly part of this is that the banks could solve this very easily by giving each internet banking user a cheap USB card reader and keypad which incorporates hardware for strong encryption of all data. If the banks could agree on a format then you would only need one device and the encryption key would be created using a combination of the card key, a time value and a user input pass number (basically a very similar system to that used by cash machines). They could even give each usb terminal an individual hardware address (similar to mac addresses for network cards) which you would have to register with the bank to use the terminal.

Give it time and the banks will start to take the measures required. The present system must be costing them/us a fortune. All the scammer needs is a couple of phrases/numbers and they get complete access to your bank account. The banks would not allow access to their cash machines on that basis but expect joe public to access their accounts this way.

You might have guessed that this is a pet peeve of mine :)
 

I think I got that :thinking:

the s stands for SECURE :)

so if you see http it's an unsecure site and if it's a banking site proceed with caution! However if it's an https, it is a secure site and you should be safe :)

Thanks, definitely got that (y)
 
In order to make a payment I need to authorise it with exactly such a device when using my Natwest account. The only transfers I can make without it are between my own accounts.

Just a note on HTTPS - it only refers to the connection. You may very well have a secure link between you and the server, but that doesn't necessarily mean that the destination of your data is reliable! So don't evaluate a website just on the "S" alone.
 
I'm confused now, I tried logging on again this morning and the same first page appeared. I tried accessing other parts of the website and it looks ok, I emailed HSBC and gave them this thread so they can have a look.
 
I've never seen that page asking for all those other details mate, and I logged in yesterday.

I think you were right to be wary, personally I wouldn't trust it until HSBC verify things.

One test if you can may be to log on via a diff machine and see what happens. Failing that a quick call to Cust Service would answer your Q's.
 
I've removed the two pics from the thread, you left your login ID on them :bonk: ! :D
 
I've removed the two pics from the thread, you left your login ID on them :bonk: ! :D

Well spotted - 10 out of 10 for that.
 
At the end of the day, if it says http://www.hsbc.co.uk then that's where it's coming from. So it must be an HSBC page I would say. Not sure why they asked for all that info though, must have been a mistake on their part.

Not if your DNS has been poisoned or your hosts file has been edited!

That's what most banking trojans do to reassure you that you're on the real page. Fact is you could well be ANYWHERE!
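
Added example (not part of any post in this thread): a small check for the edited-hosts-file case mentioned in the last reply. It parses hosts-file text and reports any line that pins a watched banking hostname to an address, since such names should only ever be resolved through DNS. The watched list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Hostnames to watch. www.hsbc.co.uk is the name quoted in the thread;
# the bare domain is added so subdomains are matched as well.
WATCHED = {"www.hsbc.co.uk", "hsbc.co.uk"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address, skip
        for name in fields[1:]:                  # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, watched=WATCHED):
    """Return [(line_no, ip, hostname)] for entries that override a watched name."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if name in watched or any(name.endswith("." + d) for d in watched):
            hits.append((line_no, str(ip), name))
    return hits

# Constructed sample: 203.0.113.45 is a documentation-range address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
203.0.113.45  www.hsbc.co.uk  hsbc.co.uk   # entry a trojan might plant
192.168.1.10  printer.lan
#198.51.100.7 www.hsbc.co.uk
"""

if __name__ == "__main__":
    for line_no, ip, name in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}; "
              "bank hostnames should not appear in the hosts file")
```

To check a real machine, pass the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` to `find_overrides`. A clean result does not rule out DNS poisoning, which happens upstream of this file.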
 