Sunday, July 10, 2016

How to check the web address I found is really what I think it is

I found I have a little money spare and wanted to pay off some of our morguage early. This is not investment advice, but on the risk spectrum it is the lowest risk investment you can make. I have enough risk elsewhere. I have moved banks since my last capital replayment and since it is Sunday
I though I would google it.

It then occured to me what if someone had spoofed the web site for the Coventry Building Society and upped it rankings on Google. What due dilgence should I do?

Step 1. Does Google know about it? In this case no. The info to the left of the web address say it is not secure, but does not give any ownership information.

Step 2. Google safe browsing here. This is more about malware, but it shows no problem.

Step 3. whois.org. This is probably the most useful

Domain name:
coventrybuildingsociety.co.uk

Registrant:
Coventry Building Society

Registrant type:
Unknown

Registrant's address:
Economic House
P O Box 9
High Street
Coventry
CV1 5QN
United Kingdom

Data validation:
Nominet was able to match the registrant's name and address against a 3rd party data source on 10-Dec-2012
So that looks pretty good. But I plan to move 2,000 pounds so I want a little more clarity that the account numbers are correct.

Step 4. Check the sort code www.sortcodes.co.uk

Bank

Hsbc Bank Plc
Branch Coventry
BIC MIDLGB22
Address 55 Corporation St
Coventry
CV1 1GX

Its not in the Caymen islands which is a good start.

Step 5. Lets do it in reverse. Lets put the sort code and account number into google and see if what it finds looks valid.

Indeed it does. I find a number of other sites which validate the numbers, not just 1.


OK, the checks above are not 100% fool proof. It would be possible to spoof this, but the other side would have to work quite hard.

So my last step is to look at an old bank statement and verify the account numbers are the same. I had to work hard for that money after all.