Hacker News
by hanoz 2758 days ago
Banks and credit card companies have always been the absolute worst offenders for this, requiring people to use hidden iframes from all sorts of acmegenericsecure.net domains, and all the while professing to be the high priests of good practice with their absurd PCI racket, not to mention asking people to install random third-party software just to use their websites because browsers apparently aren't good enough.

Chase likes to send emails from the not-at-all-suspicious "acctmanagement.com" domain[1].

[1]: https://twitter.com/8x5clPW2/status/1046244493203263488

Google's use of gvt1.com had me convinced for the longest time that I was backdoored by some unknown branch of the government that was either not bright enough to cover their tracks or ballsy enough to just say "yea, it's us. the government. and we're in your computer".
Their reply to your tweet pisses me off.
Not as bad as T-Mobile defending the practice of storing passwords in plaintext!
Defending at least implies engaging with the complaint.

Chase just said "go file a ticket". In other words, "fuck off".

Just last year I told Ikea that they use a phishing-like URL in my country. Something like makeyourhomegreat.com (I can't remember the exact URL). They actually stopped using that URL, but I'm not sure whether it was because of me or some other reason.
> not to mention asking people to install random third party software just to use their websites because browsers apparently aren't good enough.

Is this still a thing? Maybe this was true back in the days when ActiveX was still common, but not now.

Check out Rapport; big banks prompt you to install it every time you visit their login page.
Which banks? Chase, BofA, and Amex do not, and I'd like to stay far away from those that do.
The sensible thing would be to have dedicated software for anything involving handling money, in particular banking. Then you could tell people to never interact with their bank using a web browser.