


taniwha

#16087 24-Sep-2007 14:17

WHY OH WHY does ANZ go to such great lengths to *hide* the url within their internet banking?

rscole86
#87902 24-Sep-2007 14:32

sorry? Hide which URL?

I take it you do not mean anz.co.nz?



Noviota
#87906 24-Sep-2007 14:43

I have the log on page at https://www.anz.com/nz/inetbank/bankmain.asp bookmarked

taniwha

#87907 24-Sep-2007 14:47

Yes, but why would a bank want to hide their URL? Isn't that just what a phisher would do? ANZ.co.nz (and the Australian equiv) go to great lengths to turn off the address bar using JavaScript - what's the logic behind this?



NokiaRocks
#87909 24-Sep-2007 14:50

I just find all the pop-ups and browser close messages ANZ give me every time I log in/log out annoying.

Nightwyrm
#87911 24-Sep-2007 15:05

taniwha: yes, but why would a bank want to hide their URL?

Why would you need to see it?




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

barf
#87915 24-Sep-2007 15:34

lugh: Why would you need to see it?

so that you know you're logging into anz.com and not somedodgyphisher.com

probably, ANZ just want to make the URL look tidy and less cluttered, harmless enough but I don't want wool over my eyes either




Sniffing the glue holding the Internet together

 
 
 

sbiddle
#87917 24-Sep-2007 15:41

There are some real plonkers at ANZ. As you know the internet banking site is actually hosted on anz.com/nz but when XP SP2 came along with the IE popup blocker ANZ posted detailed instructions with pictures showing you how to add anz.co.nz to the filter so it would be excluded. This of course didn't work!


Nightwyrm
#87919 24-Sep-2007 15:44

sbiddle: There are some real plonkers at ANZ.

Thanks :P (although I like to think I work for ANZ National - a somewhat different beast)




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

taniwha

#87922 24-Sep-2007 15:50

lugh: Thanks :P (although I like to think I work for ANZ National - a somewhat different beast)

So lugh, can you hit the internet banking team with a clue stick for us???

Nightwyrm
#87923 24-Sep-2007 15:59

taniwha: So lugh, can you hit the internet banking team with a clue stick for us???

If you pay for me to go to Aussie ;). Unfortunately, as I'm in a different technology area, I can't talk to the specific reasons for this.

Barf, I'm not convinced that it would be that easy to go to a dodgy version of the ANZ site without going through a hoax email and I reckon you'd have to be really naive to do that nowadays (saying that, it does still happen).  Isn't the basic rule of thumb nowadays to not go to a bank site through an email link? 




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

taniwha

#87925 24-Sep-2007 16:11

The basic training I'd give someone to make sure they aren't being phished is to CHECK THE URL...

Now, ANZ have hidden this.



It's now left down to a single point of failure, the integrity of their http://www.anz.co.nz/



That's plain old http, not SSL. You'd only need to stick in a proxy in someone's path, or some DNS tricks, and return a different response - then you'd be "popup-ed" off to a https://dodgyphisingsite.com, with a valid SSL cert and you'd never know unless you jumped through hoops to reveal the url again.
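
The concern in the post above, written as a check a defender can run over a recorded login flow. This is an added example, not part of the original thread and not ANZ's code; `auditLoginFlow`, the hop objects and the popup feature string are assumptions, built from the URLs quoted in the thread.

```javascript
// Added example: audit a recorded login flow. All hop data is constructed sample input.

// Parse a window.open() feature string such as "width=800,location=no".
function parseFeatures(features) {
  const out = {};
  for (const part of features.split(",")) {
    const [key, value = "yes"] = part.toLowerCase().split("=").map((s) => s.trim());
    if (key) out[key] = value;
  }
  return out;
}

// True when host equals an allowed host or is a subdomain of one.
function hostAllowed(host, allowedHosts) {
  return allowedHosts.some((a) => host === a || host.endsWith("." + a));
}

// hops: [{ url, popupFeatures? }] in the order the browser loads them.
// Returns findings as "<hop index>:<code>" strings.
function auditLoginFlow(hops, allowedHosts) {
  const findings = [];
  hops.forEach((hop, i) => {
    const u = new URL(hop.url);
    // A plaintext hop can be rewritten in transit, so every later hop inherits the doubt.
    if (u.protocol !== "https:") findings.push(`${i}:plaintext-hop`);
    if (!hostAllowed(u.hostname, allowedHosts)) findings.push(`${i}:unexpected-host`);
    if (hop.popupFeatures) {
      // Legacy window.open(): once a feature string is given, unlisted features are off.
      const loc = parseFeatures(hop.popupFeatures).location;
      if (loc !== "yes" && loc !== "1") findings.push(`${i}:address-bar-hidden`);
    }
  });
  return findings;
}

const ALLOWED = ["anz.co.nz", "anz.com"]; // hosts named in the thread
const POPUP = "width=800,height=600,location=no"; // hypothetical feature string
// Flow as described in the thread: HTTP home page, then an HTTPS popup.
const describedFlow = [
  { url: "http://www.anz.co.nz/" },
  { url: "https://www.anz.com/nz/inetbank/bankmain.asp", popupFeatures: POPUP },
];
// Same flow if the plaintext first response had been altered (host name from the post).
const alteredFlow = [
  { url: "http://www.anz.co.nz/" },
  { url: "https://dodgyphisingsite.com/", popupFeatures: POPUP },
];
// Entry straight to the HTTPS login page in a normal window (the bookmark approach).
const directFlow = [{ url: "https://www.anz.com/nz/inetbank/bankmain.asp" }];
for (const f of [describedFlow, alteredFlow, directFlow]) console.log(auditLoginFlow(f, ALLOWED));
```

With the address bar hidden, the `unexpected-host` finding is exactly the signal the user can no longer see for themselves; only the direct HTTPS flow in a normal window comes back clean.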


 
 
 

Nightwyrm
#87926 24-Sep-2007 16:16

Damn, good thing I'm not in the internet banking teams :O. I can pass your comments along though.




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

barf
#87929 24-Sep-2007 16:31

lugh: Barf, I'm not convinced that it would be that easy to go to a dodgy version of the ANZ site without going through a hoax email and I reckon you'd have to be really naive to do that nowadays (saying that, it does still happen). Isn't the basic rule of thumb nowadays to not go to a bank site through an email link?


Email link or bookmark or typed URL - give a skilled attacker access to your network or your PC and your DNS lookups can be spoofed in seconds.
I think hiding URLs is just adding to the confusion an attacker already has against a victim. I get used to seeing index.php?sessid=nmbcvmbaivbu928r5 and would be suspicious if this was missing.




Sniffing the glue holding the Internet together

rwales
#87972 24-Sep-2007 20:03

lugh: Why would you need to see it?

No reason at all. In fact, it's summarized nicely right here: http://www.anz.com/helpcentre/faq?q=2293931




All your base are belong to us.

mpeel
#87986 24-Sep-2007 21:25

Agreed, I always found that kinda dumb and rather annoying.
