Our bank says bookmarks aren't safe and to use the main page??

Not sure if there's a better place to put this so I'll be on the lookout to see if it gets moved.

Okay. Our bank has just changed over to a new internet banking set up and posted information on the old site address telling us that site will no longer work. Fair enough - I can accept that part. However, they're also saying that we shouldn't bookmark the banking page "for security purposes" but can bookmark the main page.

My question is how can it be safer to use a bookmark for their main page and follow a link to banking from there rather than bookmark the login page directly?? After all, the login page is an https and the main page is only an http. To the best of my knowledge, if your browser is being hijacked, it would make no difference whether you were using a bookmark to the login page, a bookmark to the bank's home page and click on the internet banking link or typed in the bank's address and THEN followed the internet banking link.

I also think it's highly improbable that any customer's browser will be redirected to a clone of our bank because they're only a tiddly little mob in the world of financial institutions that are only available in our own state. Though again, how are you any safer either way if your browser is being hijacked? Is there any other issue that means their advice makes sense? (I've certainly had stupid advice from their web team before - they told me I shouldn't use bookmarks because the address of their banking changes regularly; at that stage it hadn't changed for at least five years!)

Thanks all!

 

I think you are misunderstanding what they are saying.

They are asking you to no longer use the old bookmark (because eventually the site will be gone) and to bookmark the new site.

 

Let me start this reply by making sure things are very clear. As I suppose most banks do, ours uses their own domain to host their banking services. The old url was secure.(bank).com and the new one is online.(bank).com - still on the bank's own domain and both obviously are sub-domains. So any time I have or do mention internet banking "site" that should be interpreted as sub-domain.

I read the message to be referring to the new internet banking url and given that the old banking system is disabled, surely they can't be referring to that url. The only thing on the page at the old logon url is that message.

Further to my belief that they (or at least some of them) think bookmarking of the internet banking url, new or old, is a dangerous practice is this exchange that I had with them last year after a Firefox 7 version came out:

This was the reply I received:

I get the impression that the person who wrote this reply has no understanding of domains. (Oh, and please note my comment in my first post that the url hadn't changed in at least five years.) Surely my bookmark can only lead to an insecure site if someone else takes over the domain name and uses it to trick people?

I manage a few basic websites for individuals (at places like webs.com) and one for an organisation (on their own domain name) so I'm clear on domains and sub-domains. Is there something I don't get/know about what the bank is trying to convey or are they in dire need of some lessons in domains, sub-domains, urls and bookmarks? (Doesn't inspire much confidence in the site security if they don't understand some basic points...)

 

The reason that they are telling you to not rely on the bookmark, is to keep people from getting "Phished". They fully understand the risks, and are trying to keep people from getting scammed. Just need to move on and if you want to bookmark the site, do so, but you are doing it at your own risk.

 

Greetings...

Just to add, it's fairly common for secure sites to post the caveat about bookmarking. For example, from Vanguard.com (an American investment management company):

 

I think your bank sucks. My bank and 3 others I just checked all use only https, no http at all. In other words, the "main page" is https.