DISCLAIMER: IT’S MY PERSONAL VIEWPOINT. THIS ARTICLE IS NOT INTENDED FOR DECISION MAKING. PLEASE CONSULT YOUR SECURITY ADVISOR OR CONTACT ME IN PERSON FOR DETAILS.
What’s the problem with Mashreq Bank Official Website?
But is the Mashreq Bank website secure? Not really!
Security is an essential factor for bank websites. Banks and other websites that handle sensitive information are strongly advised to transfer information over a secure layer called TLS (SSL was officially deprecated – read more). HTTPS communication prevents eavesdropping and man-in-the-middle attacks, which can lead to phishing attacks that steal customers' internet banking usernames and passwords.
HTTPS (Hypertext Transfer Protocol Secure) provides the maximum protection for banking websites against the most notorious hacker attacks, such as phishing and sniffing.
What happens when you try https://www.mashreqbank.com?
Invalid Certificate Notice
I am curious, so what happens when you hit Continue to this website (which was not recommended!)?
Note: Typing the full URL of the website (when known) with https is the safest way to access websites.
What is the Problem (Technically)?
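The Mashreq Bank official website (www.mashreqbank.com) is mapped to the wrong SSL certificate: one that was issued to Mashreq Bank’s career portal (careers.mashreqbank.com). Because the name in the certificate does not match the name typed in the address bar, the browser shows the invalid certificate notice.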
Note: Unfortunately, the career portal is also down.
CERTIFICATE PATH
Besides, the certificate's signature hash algorithm is SHA-1, a very weak algorithm, which needs to be updated to SHA-256 as soon as possible. Read more about SHA-1 Sunset.
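One way to check for both conditions described above (a certificate issued for a different host name, and a SHA-1 signature), as an added example that is not the author's or the bank's code. The certificate dictionary follows the shape returned by Python's ssl.SSLSocket.getpeercert(); the function names are hypothetical, and the sample certificate and signature algorithm string are constructed from the description in this article.

```python
# Added example: function names and sample data are constructed for illustration.
WEAK_HASHES = ("md5", "sha1")


def dns_names(cert):
    """DNS names the certificate covers: subjectAltName first, commonName as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h


def audit(hostname, cert, sig_alg):
    """Return a list of findings for the certificate presented for `hostname`."""
    findings = []
    names = dns_names(cert)
    if not any(name_matches(n, hostname) for n in names):
        findings.append("name-mismatch: requested %s, certificate covers %s"
                        % (hostname, ", ".join(names) or "(no names)"))
    if any(w in sig_alg.lower().replace("-", "") for w in WEAK_HASHES):
        findings.append("weak-signature: %s" % sig_alg)
    return findings


# Constructed sample: a certificate issued to the career portal only.
CAREERS_CERT = {
    "subject": ((("commonName", "careers.mashreqbank.com"),),),
    "subjectAltName": (("DNS", "careers.mashreqbank.com"),),
}

if __name__ == "__main__":
    for host in ("www.mashreqbank.com", "careers.mashreqbank.com"):
        print(host, audit(host, CAREERS_CERT, "sha1WithRSAEncryption"))
```

The signature algorithm string is passed in separately because getpeercert() does not report it; it is the value shown in the browser's certificate details or in the output of openssl x509 -text.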
Is my Mashreq Online Banking unsafe?
No, not really! Net Banking is still safe and well secured. The potential risk arises only when you are redirected from the official website to the Net Banking site, and from other potential attacks such as phishing and zero-day attacks.
Besides, Mashreq Bank is a reputed financial institution. You may expect the best support from the bank during such unfortunate situations.
How am I affected?
- The Mashreq Bank official website has a potential security risk, but the Online Banking portal https://netbanking.mashreq.com is safe and configured with good security systems.
- Though you cannot do much on the server side, you can protect yourself by not accessing your bank website on public wifi in cafes, public transportation, etc., and by securing your home/office wifi networks.
Mashreq Online Banking Portal - Certificates
Read about Security Attacks
- Phishing Attack
- Spoofing Attack
- HTTPS
HTTPS protects the integrity of your website
By Google:
HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.
Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third-parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.
Intruders exploit every unprotected resource that travels between your websites and your users. Images, cookies, scripts, HTML… they’re all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few.
Hope Mashreq will take action very soon.
Cheers!
Arun Ramachandran
Please reach me or leave your comments in the comment section. I'll get back to you as soon as possible.