Geekzone: technology news, blogs, forums
  Reply # 357560 28-Jul-2010 08:55


MikeHeath: Hi

Let me introduce myself - I'm Mike Heath the GM of RaboPlus.co.nz

Apologies for joining this thread so late in the piece, but I thought it important to both acknowledge what has been said and to also clear up a small misunderstanding.

We don't provide a link to our login page in any of our eDMs, for many of the same reasons as have already been stated in this thread.  The "Login" call-to-action/graphic always provides a link to our home page and not our banking login page.

That said I can see how our current practice may have caused some confusion so we'll take this feedback on board and we'll refrain from using the word "login" in any similar graphics/eDMs going forward.

Thanks for the feedback/comments.

Regards

Hi Mike, thanks for your post.

I acknowledge that you made the change from linking to your LOGIN page to your HOME page, but from my point of view (and it seems others here do agree), by inviting people to click links from email to even your HOME page, you are inviting trouble by going against the "best practice security advice" that is provided to mum and dad users - that being that you should never click links from emails to get to banking websites.

I think it goes against the logic and security advice to provide ANY links to your pages.

The way I see it, I could create a SPAM/phishing email which purports itself to be from RaboPlus and invites people to click to the "HOME" page which is not actually your page (ie. some phishing site). From there I could provide a site looking exactly the same as Raboplus.co.nz, including a "login" link which would obviously have users believing that they are at the official RaboPlus login site.

If I am wrong with anything I've said here I am more than happy to be corrected.

Thanks again for taking the time to read and respond.

Yours sincerely,
Loyal RaboPlus customer.





  Reply # 357828 28-Jul-2010 16:59

ahmad:
MikeHeath: Hi

Let me introduce myself - I'm Mike Heath the GM of RaboPlus.co.nz

Apologies for joining this thread so late in the piece, but I thought it important to both acknowledge what has been said and to also clear up a small misunderstanding.

We don't provide a link to our login page in any of our eDMs, for many of the same reasons as have already been stated in this thread.  The "Login" call-to-action/graphic always provides a link to our home page and not our banking login page.

That said I can see how our current practice may have caused some confusion so we'll take this feedback on board and we'll refrain from using the word "login" in any similar graphics/eDMs going forward.

Thanks for the feedback/comments.

Regards

Hi Mike, thanks for your post.

I acknowledge that you made the change from linking to your LOGIN page to your HOME page, but from my point of view (and it seems others here do agree), by inviting people to click links from email to even your HOME page, you are inviting trouble by going against the "best practice security advice" that is provided to mum and dad users - that being that you should never click links from emails to get to banking websites.

I think it goes against the logic and security advice to provide ANY links to your pages.

The way I see it, I could create a SPAM/phishing email which purports itself to be from RaboPlus and invites people to click to the "HOME" page which is not actually your page (ie. some phishing site). From there I could provide a site looking exactly the same as Raboplus.co.nz, including a "login" link which would obviously have users believing that they are at the official RaboPlus login site.

If I am wrong with anything I've said here I am more than happy to be corrected.

Thanks again for taking the time to read and respond.

Yours sincerely,

Loyal RaboPlus customer.


 

Totally agree. It is good to see Rabobank responded, however I am concerned they don't see the potential security issues with having any form of hyperlink in their email. Other banks don't do this, for this exact reason. Having hyperlinks in the email is a major issue, as that means that phishing systems that target banks' customers may produce an email that looks identical to RaboPlus's emails, and have a link in them that goes to their own phishing website. Whether it is a link to a login page or not is irrelevant, because once a customer has clicked on a link, and is on the phishing website, the phishing website may then have its own login page, which will then be used to harvest login details. The good thing about RaboPlus is that they do have the security token system which perhaps solves the phishing problem, but that shouldn't be used as an excuse for best practice.

I know someone who got the raboplus email and asked me whether it was legitimate, as they had heard about these phishing scams, and they saw the email had a link. I told them to delete it to be safe, because any important information a bank sends you should not be sent via unsecured email.





  Reply # 357842 28-Jul-2010 17:17

Agree with the posters before me, having a hyperlink in a bank email is bad for two reasons.

1. It trains people to click links in bank emails.  Now they are also trained to click links in phishing emails that vaguely resemble bank emails.  And since the phishers know which bank puts links in its emails.....

2. Internationalization/Unicode type attacks where a carefully crafted phishing URL containing particular Unicode characters can look for all the world like the valid ASCII URL for the phish target, even if you look real close.  

Links in emails from banking organisations are bad mm'kay.




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
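
The lookalike-URL problem raised in point 2 above can be checked mechanically on the receiving side. The following is an added example, not code from any poster in this thread: it pulls link hostnames out of an HTML email and flags non-ASCII, mixed-script and off-domain hosts. It assumes `raboplus.co.nz` as the trusted domain, and it approximates a character's script from its Unicode name, which is a heuristic rather than a full confusables check.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "raboplus.co.nz"  # the bank domain named in the thread

def label_scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def inspect_host(host, trusted=TRUSTED):
    """Return findings for one hostname taken from a link in an email."""
    host = host.lower().rstrip(".")
    try:
        # Unicode form for script analysis, punycode form for exact comparison.
        uni = host.encode("ascii").decode("idna") if host.isascii() else host
        ascii_form = uni.encode("idna").decode("ascii")
    except UnicodeError:
        return ["invalid-idn"]
    findings = []
    if not uni.isascii():
        findings.append("non-ascii:" + ascii_form)
    if any(len(label_scripts(part)) > 1 for part in uni.split(".")):
        findings.append("mixed-script")
    if ascii_form != trusted and not ascii_form.endswith("." + trusted):
        findings.append("not-trusted-domain")
    return findings

class LinkCollector(HTMLParser):
    """Collect the hostname of every <a href=...> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def audit_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {host: inspect_host(host) for host in collector.hosts}

# Constructed sample: the second link swaps Latin "a" for Cyrillic U+0430.
SAMPLE = ('<a href="https://www.raboplus.co.nz/">Home</a>'
          '<a href="https://www.r\u0430boplus.co.nz/">Home</a>')

if __name__ == "__main__":
    for host, findings in audit_email(SAMPLE).items():
        print(ascii(host), findings or "ok")
```

Both sample links render identically in most fonts; only the punycode form in the `non-ascii:` finding makes the difference visible.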

