不過筆者可能逃不過第二樣. 最近筆者覺得時不時個胃都有火燒的感覺, 這種感覺以前都試過, 結果那一次驗出胃發炎. 遲些時候, 等清理手上的一些事情之後, 會安排入院照胃鏡.
睇新聞報導, 發現有Facebook頁面的假網站, 套取帳戶的密碼. 最近筆者趁渣打銀行150週年推廣活動, 開立Excelbanking戶口, 仲可以得到限量紀念銀幣一枚. 如果開Prioritybanking戶口更可以得到紀念金幣, 不過筆者無咁多現金. 筆者覺得渣打的服務真係幾好, 難怪近年業績咁出色, 有機會要增持2888.
現時在網上操作銀行戶口係指定動作. 第一次登入網上銀行筆者用Yahoo尋找渣打銀行的網址. 為了提防假網站筆者通常用以下的方法:
1. 假網站的弱點之一就是沒有真實的客戶資料庫, 於是筆者會先用假的帳號測試該網站, 真的網站會拒絕讓筆者登入, 假網站會歡迎筆者登入, 真假立見.
2. 真網站有客戶資料, 因此可以顯示客戶的真實姓名, 例如"xxx, 你好"的greeting message. 另外, 真網站可以正確顯示對上一次的成功登入日期和時間. 筆者也會查看帳戶資料中的個人資料是否正確.
後記: 綜合網友的意見, 筆者的方法是不能對付假網站的, 請大家留意.
I think HSBC security is the best.
回覆刪除you should book mark the correct bank address first and login in from this. Using Search Engine to search the bank's web address, it is not security.
回覆刪除That's right. Should login with the bank's web address. Never go through with the search engine to avoid giving any chance to others to break in your account. HSBC's internet banking is more secure. Apart from your "chosen name" and pass word, it is necessary to use a secure key the bank provides.
hsbc used new security certificate
回應無名士, dawn, pghk : 絕對同意, 匯豐用Security card的確安全好多, 不過成本高, 目前很少銀行肯用.
回覆刪除Mr Market,
回覆刪除Sorry to have focused on the security of internet banking. There is something more important.......your health. Please take care of it before anything. This is for you yourself and also for your dear ones.
回覆刪除I don't think the first methods you suggested will protect you from fake web site. This is because the fake web site will simply act as a proxy server. It will actaully lead you to the correct bank server. So, you will recevied all the "correct" info and response from the real server. However, the "proxy" will collect all the password/info you enter and the info the bank send back to you. It is just like a firewall that collect info. You will not notice anything different.
回覆刪除That is also why it is not a wise thing to log into your bank account using your office's computer if your office internet access must pass thru the office proxy server.
The only way that may help is to check your last login time against your record. However, if I were the hacker, I will only need to enter your account once and transfer all your money and go. By the time you find out, it will be too late anyway.
SCB's internet securities services are really bad..I prefer HSBC or BOC.
回覆刪除Actually man-in-middle attack can be well protected by latest SSL protocol.
回覆刪除However even you see https:// in your browser cannot gurantee it is using SSL.
Users MUST understand the importance of looking for the "LOCK" to verify the website is using secure HTTPS communication with a valid SSL certificate.
Man-in-middle may occur when the hacker re-process your request to plain http and then establishes a real SSL connection to the server and makes the request on behalf of the client. But user CANNOT see the LOCK as the secure connection only establishes between the attacker and bank, but not involve client. Everyone when banking must beware the LOCK icon!!!