ABSA Bank is trying their very best to create awareness about phishing websites, but what is the average user to think when ABSA’s own website closely resembles a phishing website? While on ABSA’s Internet Banking website, paying my monthly bills, I was suddenly redirected to a very suspicious looking page: http://196.35.75.26/unavailable.html

At first I thought that my system was compromised. As you can see in the screenshot, images on the page are broken and it appears like a rather amateurish attempt at a phishing website — but truly, it is an ABSA website, linking back to ABSa’s secure https banking website.

Traceroute nodes. Notice node 16, around Johannesburg, South Africa, the hub of the trouble:
15. dimensiondata-0.r02.londen0162340327
16. csw3-rba-gi8-4.ip.isnet.net

And in the past…

Over 3 years ago while on the phone with ABSA Internet Banking support staff I tried my very best to explain to them that there is a serious bug in the pass phrase page that would cause a user of the online banking system to be locked out of the system when entering the correct pass phrase; under certain conditions a Javascript bug on the page causes the page to incorrectly handle input characters for the pass phrase sequence.

Why ABSA, why?

Why Absa, would you redirect someone to an IP address? Why would you leave the page so broken? Why would you not fix the Javascript bug on your internet banking page that has been haunting users for 3+ years? Imagine ABSA hired me as a consultant and someone actually fixed the problems. Wow. Imagine that. Oh, I could even build a nice mobile site too that is as cool as FNB’s.