The Co-operative Bank's odd re-directing behaviour
"Phishing" attacks on internet banking sites have become one of the modern scourges of the web, to the extent that the last two major internet browser releases for PCs both made a song and dance about their anti-phishing filters.
One of the key battlegrounds in fighting this kind of crime is in educating users about the risks posed to them by phishing, teaching them how to recognise it, and how to protect themselves.
For some time now I have been concerned that the Co-operative Bank's internet facility does not give the right messages out to users. I should add that I am a very happy customer of the bank, which I use specifically for their ethical stance, and I don't mean in any way to imply that their internet banking facility is unsafe. However, it does display some very odd behaviour.
The first bit of odd behaviour occurs when you first type in the URL: http://www.co-operativebank.co.uk
What happens is that you get a title bar message indicating that you are being re-directed, even before any on-screen elements have loaded.
Redirecting to Production site
A second strange behaviour happens when you select the personal banking option from their internet banking menu.
As the request is processed, another re-direction is flagged up by the browser:
Redirecting to PBIBS site
I'm sure there are perfectly good technical architecture reasons for building the site this way, but I can't help feeling that getting their customers used to the concept that you frequently get "re-directed" when you are doing online banking will not help in the long term to educate those users about how to spot a phishing attack.
All of which is quite ironic, since having gone from server pillar to post, when you do get to log on to the Co-op's internet banking service, the first thing that greets you at the moment is an anti-phishing warning.