Fighting malware and spam

UK banks failing online users

Report names and shames insecure banking sites - again.

A report from heise Security, following up on a previous study released a month ago, claims several UK banks are still using insecure login methods despite warnings issued in the earlier report.

While some of the sites tested in the original survey have improved, several, including Cahoot, the Bank of Scotland and First Direct, were still vulnerable to the same frame-spoofing attacks. First Direct announced updates were due shortly before publication of the new report, and a demo attack on First Direct included in the story no longer works.

Of nine banks tested for the first report, only three, Barclays, HSBC and the Halifax, were found to be safe against all tests. The vulnerablities leave the banks' customers at risk from phishing attacks using faked login screens.

See the new heise Security report here. The original test results are here.

24 October 2006

Tags: spam