Barclays Bank problem. Hijack, redirect or trojan?
Thread Author: Fenlander Replies: 18

 Barclays Bank problem. Hijack, redirect or trojan? - Fenlander
Weird thing happening here. Mrs F getting problems logging into Barclays online banking over past 2 days with some random white screens and requests to type in extra info to reset her login. She was wary and after a couple of calls to Barclays she got put onto their IT security team who, in a nutshell, said we had some virus/trojan on our PC that was redirecting her to a spoof webpage.

They suspended her online banking for 24hrs and mailed an instruction that we should download & run Kaspersky then try some Trend Micro Housecall thing.

We use MSE which is up to date and shows no issues so very reluctant to dump and go with Kaspersky. I did run the Trend Housecall which showed us as all clean.

I wondered if Barclays were being economical with the truth and the redirect was happening higher up the chain... say from certain ISPs or even at the Barclays website itself.

Note exactly the same happens trying on our laptop at home but Mrs F can log on from work OK on their PC (different ISP and 20 miles away).

There is some stuff on the net about a trojan that might do this that's been around for several years.

Any thoughts?
 Barclays Bank problem. Hijack, redirect or trojan? - Zero
thoughts

clear your cache, change your browser, change or check your DNS (search the web for instructions on doing this)

Redirect trojans do not replicate over a home network normally, so not sure how it got to two machines. Probably the only difference that can be affected between the home and work location is the DNS that's used.

Check what site it's being directed to by checking the address bar in the browser, post it here.
 Barclays Bank problem. Hijack, redirect or trojan? - Fenlander
So you think it's likely this is in our PC despite scans not finding it?

Change browser... we're using IE9... you mean another like Firefox, Chrome, Safari or Opera?

Seems I need to get DNS numbers from my ISP to change that... can do.

The address that gave the Barclays people concern was this...

ibank.barclays.co.uk/olb/w/PayBill3.do

This actually shows step one of the login page but note the web address refers to *paybill3*. I understand what happens is that the page purports to be a screen helping you to resolve a logging in problem but in reality it has you on the Barclays bill paying page and the info it tricks you into typing in actually sets up and makes a payment from your bank to a 3rd party.
 Barclays Bank problem. Hijack, redirect or trojan? - rtj70
Step one of the login process for me is:

ibank.barclays.co.uk/olb/w/LoginMember.do
Last edited by: rtj70 on Thu 7 Jul 11 at 10:10
 Barclays Bank problem. Hijack, redirect or trojan? - Zero
>> So you think it's likely this is in our PC despite scans not finding it?

Nope, it's a browser cache problem.

>> Change browser... we're using IE9... you mean another like Firefox, Chrome, Safari or Opera?

Yup, download and try another.

>> Seems I need to get DNS numbers from my ISP to change that... can do.

No need for ISP involvement. I use the Google DNS servers; it's easy to change in your PC.

code.google.com/speed/public-dns/docs/using.html

>> The address that gave the Barclays people concern was this...
>>
>> ibank.barclays.co.uk/olb/w/PayBill3.do
>>
>> This actually shows step one of the login page but note the web address refers
>> to *paybill3*. I understand what happens is that the page purports to be a screen
>> helping you to resolve a logging in problem but in reality it has you on
>> the Barclays bill paying page and the info it tricks you into typing in actually
>> sets up and makes a payment from your bank to a 3rd party.

Now that's strange advice from them because ibank.barclays.co.uk/olb/w/PayBill3.do IS a Barclays site. It goes nowhere other than Barclays (where, BTW, it doesn't get through because you are not logged in).

I tried that site and monitored my outgoing traffic. Doesn't go anywhere else, so it's not a fake site that then redirects you to Barclays.

 Barclays Bank problem. Hijack, redirect or trojan? - Fenlander
OK thanks.

Any one of the other browsers best... ie I don't want to add to the complications if there is anything they won't do or work with.

I'll look up the Google DNS thing.

Yes the response from Barclays is odd and I do wonder if they are trying to gloss over a weakness in their webpage security.
 Barclays Bank problem. Hijack, redirect or trojan? - rtj70
I can login to Barclays online banking using the link Fenlander posted above.
 Barclays Bank problem. Hijack, redirect or trojan? - Zero
>> I can login to Barclays online banking using the link Fenlander posted above.

Yes you can, but it takes you to the log in portal, not the payment portal - which his given URL is.

Either way it makes no odds, both are URLs within the Barclays domain, but the payment URL is clearly not the right one for initial logging in to the site.

Which reminds me

Is she using a bookmark to get to the page?
 Barclays Bank problem. Hijack, redirect or trojan? - rtj70
My point was the link posted allows you to login. The section on the Barclays website to pay someone is:

ibank.barclays.co.uk/olb/w/SelectPaymentAccount.do?action=New+Payment||Pay+Someone

So the link provided is not used by the site. In fact if you're already logged in and try using it you get logged out. The site probably thinks there are problems with your session - you're not even allowed to use the browser back button.
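
An added example, not part of any post in this thread: a Python check of an address-bar URL that keeps apart the two questions the posters raise, whether the host really belongs to the Barclays domain and whether the path is the login page rtj70 reports. The `https` scheme and the look-alike hosts under `example.net` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Host and path values come from the thread; the https scheme is an assumption
# (the posts quote the addresses without one).
BANK_DOMAIN = "barclays.co.uk"
LOGIN_HOST = "ibank.barclays.co.uk"
LOGIN_PATH = "/olb/w/LoginMember.do"  # step one of login, as reported in the thread


def classify(url: str) -> str:
    """Classify the address-bar URL shown while a login form is on screen."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lower-cases the name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"  # scheme missing, so nothing was parsed as a host
    # Exact match or true subdomain only. A suffix test without the leading
    # dot would also accept any name that merely ends in the same letters.
    if host != BANK_DOMAIN and not host.endswith("." + BANK_DOMAIN):
        return "off-domain"
    if parts.scheme != "https":
        return "not-https"
    if host == LOGIN_HOST and parts.path == LOGIN_PATH:
        return "expected-login"
    # Genuine domain, but not the page a login form belongs on: the
    # PayBill3.do case discussed in the thread.
    return "on-domain-unexpected-path"


# Constructed sample: the three thread URLs plus made-up look-alike hosts.
SAMPLES = [
    "https://ibank.barclays.co.uk/olb/w/LoginMember.do",
    "https://ibank.barclays.co.uk/olb/w/PayBill3.do",
    "https://ibank.barclays.co.uk/olb/w/SelectPaymentAccount.do?action=New+Payment||Pay+Someone",
    "https://ibank.barclays.co.uk.example.net/olb/w/LoginMember.do",
    "https://ibank.barclays.co.uk@example.net/olb/w/LoginMember.do",
    "http://ibank.barclays.co.uk/olb/w/LoginMember.do",
]


def report(urls=SAMPLES):
    """Return {url: verdict} for a list of observed URLs."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:26} {url}")
```

An `on-domain-unexpected-path` verdict says nothing about the cause; it only records that a login form appeared at an address other than the login page.
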
 Barclays Bank problem. Hijack, redirect or trojan? - Fenlander
As we will not be allowed access to Barclays online for 24hrs it will be tomorrow before I'd get a chance to go through the Barclays screens to see how it should/does look... you guys have the advantage today being able to try and see the addresses/actions.

Yes she had always used a bookmark but the bank guys said not to.

Not had a chance to change the browser yet... frying other fish (FZ45 flavour hopefully)... but would appreciate an opinion on which browser to try??

 Barclays Bank problem. Hijack, redirect or trojan? - Zero
I use Chrome and IE9.
 Barclays Bank problem. Hijack, redirect or trojan? - Zero

>> Yes she had always used a bookmark but the bank guys said not to.

About the only sensible thing they have said to date.
 Barclays Bank problem. Hijack, redirect or trojan? - Slidingpillar
I bookmark all of my banks.

But I don't use their URL. Say the home page is this:

bank_of_toytown/home/superstuff/index.jsp

I change it to just bank_of_toytown/ Still goes there though.

So when, not if they change their home page, you still get it. Never seen a bank homepage that did not have a "click here" for home banking etc.
 Barclays Bank problem. Hijack, redirect or trojan? - Iffy
I'm online with my Tesco and MBNA credit cards.

I had both bookmarked, but got some strange log-in screens from Tesco - I'm not using the MBNA card at the moment.

I've binned the bookmarks and always go in via a Google search.

 Barclays Bank problem. Hijack, redirect or trojan? - Pat
Iffy, I have an old savings account with Tesco Clubcard Plus and access it online.

They changed their log in procedure and page on June 21st.

It's quite a faff changing over to the new one, as I had to do this week, but worth it once it's done.

You should have had a letter about it......probably you should read your mail?:)

Pat
Last edited by: pda on Thu 7 Jul 11 at 17:28
 Barclays Bank problem. Hijack, redirect or trojan? - Iffy
...You should have had a letter about it......probably you should read your mail?:)...

Happily, the time when I was frightened of what the postman might bring has long gone.

Don't think I've had a letter, although it's possible I have, but its contents didn't register.

I only log on about once a month to make a payment, so I will be having another go in a couple of weeks.

 Barclays Bank problem. Hijack, redirect or trojan? - Zero

>> So when, not if they change their home page, you still get it. Never seen
>> a bank homepage that did not have a "click here" for home banking etc.

A bank is highly unlikely to change its primary domain name, in fact unless it changes its name or gets taken over, it will never change its primary domain name.

And you're right, they will always have a link to home banking on their home page. So bookmarking the primary domain name is OK but never bookmark the login portal.
 Barclays Bank problem. Hijack, redirect or trojan? - Hard Cheese

No need to change browser, just clear the cache.

 Barclays Bank problem. Hijack, redirect or trojan? - Fenlander
Well thanks again for advice/ideas. I've run about every trusted malware scanner I could find plus forcing the deep MSE scan. Cache etc cleared with Windows Washer. Loaded Google Chrome which we will only use for Banking and go in via homepage directly typed in.

Last night it logged on properly to Barclays so hopefully the spoof page issue is sorted.