Saturday, May 01, 2004

Impersonation just got easier 

The crooks who pretend to be your bank so they can trick you into giving them your banking password now have a new weapon.

Most security advice out there says you should check whether there's a lock icon at the bottom of your browser window. Supposedly if it's there, you can be sure you're talking to the real website for your bank, and you can be sure your information is protected on its way there.

Recently I wrote:

I didn't mention looking for the padlock icon at the bottom right. If you see that, then some really sophisticated technology is trying to keep your credit card number unreadable and ensure that you're really talking to the site you think you are. Unfortunately that technology only works if a bunch of people you've never heard of did their jobs right. There's no substitute for street smarts.


Coincidentally, a report just surfaced on one of the security mailing lists about a bug in Internet Explorer. If the reporter is right, a bad guy can trick IE into displaying a lock icon and telling you that you're talking to your bank when you're really talking to a criminal impersonator.

Protect yourself by typing security-critical addresses yourself or picking them from your own bookmarks. Don't click a link in an email that says "log in immediately to get a security fix". Even if the link looks fine, it could still be a fake.
