The Saving Advice Forums - A classic personal finance community.

76% of bank websites have design flaws that can put your information at risk


  • 76% of bank websites have design flaws that can put your information at risk

    Many U.S. banks are unwittingly training their online customers to take risks with their passwords and other sensitive account information, leaving them more vulnerable to fraud, new research shows.

    The result is that even the most security-conscious Web surfers could find themselves the victims of identity theft because they have been conditioned to ignore potential clues about whether the banking site they're visiting is real — or a bogus site served up by hackers.

    That's the conclusion by University of Michigan researchers who found design flaws in 76 percent of the 214 U.S. financial institution Web sites they studied...


    Web site design flaws make banking riskier - Security - MSNBC.com

  • #2
    To fight that, the best protection remains: Don't click on links sent in e-mails.
    Words to live by.



    • #3
      "The researchers found that many banks silently redirect users to third-party sites, plop "secure login" boxes on insecure Web pages."


      Well, at least I do look to see if it is a secure page. Can that be faked?

      I joined a credit union last month. This article made me look up "whois" on the two slightly different homepage URLs that are used first to go to the credit union site, and from there to the online account access. Guess what? Sure enough, when I click on the first homepage to go to log in for account access, it does redirect me to another server (different DNS) owned by a different company in a different country than the first site. (USA versus Canada)

      So my credit union is redirecting me to another server. And yes, I am being trained to accept re-direction to another server. With the DNS bug that became public knowledge (last month?) I am at risk to be surreptitiously redirected to a spoof site that looks just like where I want to be and, I think, which shows the same URL up top, even though it really is at yet a third URL. If I cannot see the real URL, I won't know the difference and I will submit my private info, thus giving the spoofers all that they need to get into my account and immediately drain it.

      It could all be avoided if all banking [credit union] online functions were on the same server, not contracted out to a business that provides the online banking customized for each bank, right? Is that the gist of it? I found the article a little disjointed and may be missing something.
      "There is some ontological doubt as to whether it may even be possible in principle to nail down these things in the universe we're given to study." --text msg from my kid

      "It is easier to build strong children than to repair broken men." --Frederick Douglass
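
The two design flaws quoted in post #3 (a login box on an insecure page, and a silent hand-off to a third-party site) can be checked from a page's HTML alone. The following is an added example, not part of the original thread; the URLs and markup are constructed, and hosts are compared by exact hostname, which is an assumption of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect the action attribute of every <form> that has a password field."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.has_password = False
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = a.get("action") or ""  # empty action posts back to the page
        elif tag == "input" and self.in_form:
            if (a.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.actions.append(self.action)
            self.in_form = False


def audit_login_page(page_url, html):
    """Return findings for each login form on the page (empty list = none found)."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page = urlsplit(page_url)
    findings = []
    for action in finder.actions:
        target = urlsplit(urljoin(page_url, action))  # resolve relative actions
        if page.scheme != "https":
            findings.append("login form served on a non-HTTPS page")
        if target.scheme != "https":
            findings.append("credentials submitted over non-HTTPS")
        if target.hostname != page.hostname:
            findings.append(f"form posts to a different host: {target.hostname}")
    return findings


# Constructed sample: an HTTP homepage whose login box submits to a vendor's host.
SAMPLE_URL = "http://www.creditunion.example/"
SAMPLE_HTML = ('<form action="https://secure.vendor.example/login">'
               '<input type="text" name="u"><input type="password" name="p"></form>')
```

A form that submits over HTTPS from an HTTP page still gets the first finding: the page that delivered the form was not authenticated, so the form could have been altered before it reached the browser.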
