Saturday, May 16, 2009

Ways to Guard Against Fake Websites

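Recent figures published in the US and Hong Kong show that unemployment has yet to bottom out. I feel it hitting close to home, because some friends of mine who work in investment banks were recently laid off, the first time this has happened in all these years. I believe that if people in investment banking can get through this year, the skies should clear next year. My own project list is already booked into next year, so I should be able to escape this wave.

I may not escape a second thing, though. Lately my stomach has had a burning sensation from time to time. I have had this feeling before, and that time the tests found gastritis. Later on, once I have cleared some of the things on my plate, I will arrange to be admitted to hospital for a gastroscopy.

Watching the news, I learned that there are fake websites imitating Facebook pages that harvest account passwords. Recently I took advantage of Standard Chartered Bank's 150th anniversary promotion to open an Excelbanking account, and got a limited-edition commemorative silver coin as well. Opening a Prioritybanking account would even get you a commemorative gold coin, but I don't have that much cash. I find Standard Chartered's service really quite good; no wonder its results have been so outstanding in recent years. When I get the chance I should add to my holding of 2888.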



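Operating a bank account online is standard practice nowadays. The first time I logged in to online banking, I used Yahoo to find Standard Chartered Bank's web address. To guard against fake websites, I usually use the following methods:

1. One weakness of a fake website is that it has no real customer database, so I first test the site with a fake account number. A real site will refuse to let me log in, while a fake site will welcome me in, so real and fake are told apart at once.

2. A real site has customer data, so it can display the customer's real name, for example a greeting message such as "Hello, xxx". In addition, a real site can correctly show the date and time of the last successful login. I also check whether the personal details in the account information are correct.

Postscript: Taking readers' comments together, my method cannot deal with fake websites. Please take note.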


Yahoo Taiwan: http://tw.myblog.yahoo.com/mr-market/
Sina: http://graham_choi2003.mysinablog.com/
Yahoo Hong Kong: http://hk.myblog.yahoo.com/mr-market/

10 comments:

  1. I think HSBC security is the best.

  2. You should bookmark the correct bank address first and log in from this. Using a search engine to search for the bank's web address is not secure.

  3. That's right. You should log in with the bank's web address. Never go through the search engine, to avoid giving others any chance to break into your account. HSBC's internet banking is more secure. Apart from your "chosen name" and password, it is necessary to use a secure key the bank provides.

    dawn

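  4. Reply to 無名士, dawn, pghk: Absolutely agree. HSBC's use of a Security card is indeed much safer, but the cost is high, and at present very few banks are willing to use it.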

  5. Mr Market,

    Sorry to have focused on the security of internet banking. There is something more important.......your health. Please take care of it before anything. This is for you yourself and also for your dear ones.

    dawn

  6. When I was young, Standard Chartered's retail side was really hopeless, but it has clearly improved in recent years.

  7. I don't think the first methods you suggested will protect you from a fake web site. This is because the fake web site will simply act as a proxy server. It will actually lead you to the correct bank server. So, you will receive all the "correct" info and responses from the real server. However, the "proxy" will collect all the password/info you enter and the info the bank sends back to you. It is just like a firewall that collects info. You will not notice anything different.
    That is also why it is not a wise thing to log into your bank account using your office's computer if your office internet access must pass thru the office proxy server.
    The only way that may help is to check your last login time against your record. However, if I were the hacker, I will only need to enter your account once and transfer all your money and go. By the time you find out, it will be too late anyway.

  8. SCB's internet securities services are really bad..I prefer HSBC or BOC.

  9. Actually, man-in-middle attacks can be well protected against by the latest SSL protocol.
    However, even seeing https:// in your browser cannot guarantee it is using SSL.
    Users MUST understand the importance of looking for the "LOCK" to verify the website is using secure HTTPS communication with a valid SSL certificate.

    Man-in-middle may occur when the hacker re-processes your request to plain http and then establishes a real SSL connection to the server and makes the request on behalf of the client. But the user CANNOT see the LOCK, as the secure connection is only established between the attacker and the bank and does not involve the client. Everyone, when banking, must be aware of the LOCK icon!!!

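
The following is an added example, not part of the original post or its comments: a Python check of a login page's URL against a bookmarked origin, covering the bookmark advice in comments 2 and 3 and the plain-http downgrade described in comment 9. The domain names are constructed placeholders, `check_login_url` and `BOOKMARK` are hypothetical names, and certificate validation is left to the browser.

```python
from urllib.parse import urlsplit

# Hypothetical bookmark saved from a trusted source (constructed domain).
BOOKMARK = "https://www.bank.example/"

def _canonical_host(host):
    """Lower-case, drop a trailing dot, convert Unicode labels to punycode."""
    try:
        return host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None

def check_login_url(url, bookmarked_origin=BOOKMARK):
    """Return (ok, reason) for a page that is asking for a password."""
    want = urlsplit(bookmarked_origin)
    try:
        got = urlsplit(url)
        port = got.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed URL"
    if got.scheme != "https":
        # Comment 9's case: the session was downgraded to plain http.
        return False, "not HTTPS"
    if got.username is not None or got.password is not None:
        # Text before "@" is userinfo; the real host is what follows it.
        return False, "userinfo before host"
    host = _canonical_host(got.hostname or "")
    if not host or host != _canonical_host(want.hostname):
        # Exact match only: a bank name used as a prefix or homograph fails.
        return False, "host differs from bookmark"
    if (443 if port is None else port) != (want.port or 443):
        return False, "unexpected port"
    return True, "matches bookmark"

# Constructed sample URLs, such as a search result or e-mail link might carry.
SAMPLES = [
    "https://www.bank.example/login",
    "https://WWW.BANK.EXAMPLE./login",
    "http://www.bank.example/login",
    "https://www.bank.example.login.test/",
    "https://www.bank.example@login.test/",
    "https://www.b\u0430nk.example/login",  # Cyrillic "a" homograph
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

A matching URL only shows that the address is the bookmarked one; the browser's certificate check, shown by the lock icon, is still what authenticates the server behind it.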