Geekzone: technology news, blogs, forums




363 posts

Ultimate Geek
+1 received by user: 96


Topic # 223175 17-Sep-2017 09:38

 

 

 

 

"Westpac NZ will never email you a link to Westpac Online Banking, or ask you for your security details or passwords by email."

 

 

 

 

 

The above line appears on the top of the Westpac email I received this morning advising that my online credit card statement is available.

 

The thing I find interesting is that there are nine links in the email to Westpac websites???

 

"You can view, download and print your statements anytime by going to westpac.co.nz and logging into Westpac One."


6707 posts

Uber Geek
+1 received by user: 3082

Moderator
Trusted
Subscriber

  Reply # 1867455 17-Sep-2017 09:51

That is not directly linking to the internet banking login page - it is directing you to their website for you to click the internet banking link to login.

 

Many banks do this.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


1701 posts

Uber Geek
+1 received by user: 867


  Reply # 1867457 17-Sep-2017 10:01
7 people support this post

michaelmurfy:

That is not directly linking to the internet banking login page - it is directing you to their website for you to click the internet banking link to login.


Many banks do this.


Doesn't that contradict the basic rules though? Surely routinely putting links into emails leading to banks' websites is just teaching people it's ok to use email links to the banks' websites.

Seems pretty foolish to me.
People are pretty stupid, and habits are created easily.




Location: Dunedin

 
 
 
 


5815 posts

Uber Geek
+1 received by user: 832

Trusted
Subscriber

  Reply # 1867459 17-Sep-2017 10:04
4 people support this post

michaelmurfy:

 

That is not directly linking to the internet banking login page - it is directing you to their website for you to click the internet banking link to login.

 

Many banks do this.

 

 

I don't see how linking to the home page is any better.

 

The reason for not directly linking to the login page is presumably to stop people from being "conditioned" to click on links without checking them (to avoid phishing). But by linking to the home page, it doesn't actually solve the problem - the phishers will then just need to make an additional fake page that looks like Westpac's home page, complete with its own "Log In" link that goes to the actual phishing page.

 

It's a little more work for the phishers, but doesn't seem to be any more secure. Or am I missing something?

 

Edit: What Andrew said :)




363 posts

Ultimate Geek
+1 received by user: 96


  Reply # 1867461 17-Sep-2017 10:09

Clicking on the link in the bottom line of my post takes you to the page with the login button.

 

Isn't this how phishing works?

 

You receive an email that looks to be official from your bank, PayPal, etc which has a link. You click on the link and a page opens asking you to log in.........

 

 

 

Must learn to type faster!


6707 posts

Uber Geek
+1 received by user: 3082

Moderator
Trusted
Subscriber

  Reply # 1867467 17-Sep-2017 10:21

andrewNZ:
Doesn't that contradict the basic rules though? Surely routinely putting links into emails leading to banks' websites is just teaching people it's ok to use email links to the banks' websites.

Seems pretty foolish to me.
People are pretty stupid, and habits are created easily.

 

Not really. It is directing you to an easy to verify url (eg: https://westpac.co.nz) instead of your internet banking page and also telling you to navigate to it and login. All phishing emails I have come across do not clone the complete homepage and instead attempt to take you to a phishing page which is simply the internet banking login.

 

Other links may include help pages etc - they're stating in the email they'll never directly link you to the internet banking login. While I partly agree with what you're saying, if you got an email for, let's say, a special term deposit rate like this:

 

"As you're a special customer we have a special term deposit rate for you - head over to our website and click on investments then term deposits to find out more" it is easier for everyone to go "Go over to https://westpac.co.nz/termdeposits for more information".

 

Like you said - some people are pretty stupid...







4410 posts

Uber Geek
+1 received by user: 1245


  Reply # 1867473 17-Sep-2017 10:41
4 people support this post

Having links in those emails is just setting the customer up for a fail later. It doesn't matter what the link is - you subconsciously trust it because it wasn't a problem last time you clicked on a link in a bank email.

 

For people to avoid phishing scams, they have to recognise (while distracted on other tasks) that the action being asked in the phishing email is not normal - if they are used to clicking links in bank emails, there is a higher probability of them clicking the link when a phishing email comes through.


670 posts

Ultimate Geek
+1 received by user: 404


  Reply # 1867501 17-Sep-2017 12:52

RunningMan:

 

Having links in those emails is just setting the customer up for a fail later. It doesn't matter what the link is - you subconsciously trust it because it wasn't a problem last time you clicked on a link in a bank email.

 

 

Absolutely 100% correct. They're training their customers to click on links inside emails purporting to be from their bank. It's just crazy.





"War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself."
- John Stuart Mill


1701 posts

Uber Geek
+1 received by user: 867


  Reply # 1867559 17-Sep-2017 16:30
3 people support this post

michaelmurfy: Not really. It is directing you to an easy to verify url (eg: https://westpac.co.nz)

Wow, that's a lot of faith in the average person... I've got no IT training, but I've helped my fair share of ordinary people with computer and internet trouble. Assuming people will verify a url is very optimistic.
I'd argue that a significant portion of users don't know what the url is (no matter what you call it), or where to look for it.

I believe that the majority of IT people seriously overestimate the average user, which then leads to unrealistic expectations of the user.

Links in advertising emails are one thing (I still think it's asking for trouble), but in this case the bank is specifically asking someone to login to internet banking and providing a link to achieve that. I think that's flat out irresponsible.




Location: Dunedin

1701 posts

Uber Geek
+1 received by user: 867


  Reply # 1867565 17-Sep-2017 16:39
2 people support this post

michaelmurfy: https://westpac.co.nz/termdeposits

This link is a prime example of why people don't/can't verify URLs. It redirects to https://westpac.co.nz/investment-kiwisaver/term-investments/term-deposit/. That's a significant alteration.

Generally speaking, people don't understand URLs and most don't want to. Most people would be happy if the bank name appears somewhere in the address.




Location: Dunedin

1922 posts

Uber Geek
+1 received by user: 607

Subscriber

  Reply # 1867723 18-Sep-2017 00:57
One person supports this post

And how many people would know that you can hover over a link to check that, say, www.internetbankingsite.co.nz actually goes to that site instead of going to pilshingwebsite.com? And if you are using a mobile or a tablet, then it is much harder to check where links point to before clicking on them.





