by adkadskhj 2078 days ago
> I think you misunderstand. Your parent is saying that after logging into his normal bank, he is taken through two or three third party banking providers that have their own domain names and web user interfaces - just to perform some core action related to paying his mortgage

Actually I think it's slightly different (in my specific example). It looks and feels just like you describe, but I get the impression that it's all the same bank. For some reason the application operates on multiple domains.

My old credit union was the same way. I'd log into `someCU.com` and be forwarded to `secure.CUentry.com` or w/e (I forget the specifics). Both domains were the same CU entity, I imagine, but the pattern we should be telling the "average person" to look for is to always find `foo.com` in the address. If you're not connected to `foo.com` then it's evil. However, when sites forward you to likely safe but alternate domains entirely, we erode this trust in fixed domain names.

Next time, a user clicks on an email to `scamCU.com` and doesn't think anything of it, since `someCU.com` already has multiple domain names.

But yea, you hit the nail on the head with the root problem. It's gross.