Bad web design = bonkers

Joined
Jul 10, 2022
Messages
3,480
From a webpage on my laptop, this AM I get a message from the credit union, unrecognized username/password, and I store them all in LastPass. Thinking I was just checking to see if the state cashed my check for payment, I thought, my login is good. I do the same on my phone, and it says the system is down for maintenance. In other words, the web should also state down for maintenance (I've noticed this happens in the middle of a business day too).

Obviously, these are two different things. The webpage leads me to a page where I can reset, asking for DOB and SS#. Whoa, the only time I'm gonna provide that is if I'm applying for a loan or someone calls on the phone and says I won a sweepstakes and asks for it so they can send me my winnings.

imho web design is totally poor these days, and the institutions behind them don't really care one way or another. But when it relates to financial, it's simply mind boggling. I can't help but feel the older I get, the more I'm likely to fight it less and likely cave in. Sorta like with insurance, etc.
 
Are you sure that you're on the credit union's webpage? Sounds like phishing to me. If the URL is correct, perhaps their website has been compromised.
That’s an excellent point and why I didn’t proceed with any reset. And checking with the app, could not get it.

Btw the page didn’t go to the dob and ss#, it did when I wanted to reset my creds. Those two pieces of info should never be needed like that.

I did get in half an hour later, so I think it was maintenance only they never said so on the web.
 
This may be considered a regular business, BUT.. I suspect my information may have somehow been compromised.. It's either that, or EXTREMELY poor records keeping/organization.

I got an e-mail from the U.S. Department of Education (i believe it to be legitimate; I will now double-check the FROM address. But, it also directed me to USDoE website...) good news: Fresh Start Initiative. Im eligible. Ok! OK so. They for.. "social security #, date of birth, first two letters of last name, and zip code when the service was signed up for. So. I put this in, multiple times, and, somehow, it says it doesn't match... so I ended up sending in a Certified letter, since the three options they had were.. Online, by Phone (Monday-Friday so won't work for me) and by mail to Greenville, TX PO Box.

Again, it's either a records screw-up on their part, or someone, somehow, changed my info. Wouldn't let me make a new login, either. They seem to have designed it both primitive, and confusingly.. to send a "one time token" to an e-mail address.. that probably was your login, anyways. And a password reset request could always ask for some basic info, too...

Having had something similar happen as early as 2001... if someone you don't want to have access gets access to your account, they can change YOUR passwords and log YOU out of it. That's scammer/phisher/fake accounts 101. Twitter (used to) engage in exactly the same.

So. You're saying web sites couldn't stand to make their sites better? Or that they are not secure...??
 
You should try BMWUSA Financial. Their website is straight out of 2002. They make millions every month from interest and you would think they would have a modern easy to navigate website.
 
I never go to a webpage within a email. Go directly to the site itself to verify any message.
Yup - It is comically simple to replicate the GUI of any given web site, put yourbank.com in an email as a link, with the user presuming the link to points to yourbank.com but ends up at yourbank.someshadyrussiansite.ru that looks 100% exactly like yourbank.com.
 
Back
Top