Sunil has a very good post titled “Banks that encourages spoofing”:
“bank’s online banking facility does not tell their users to follow these practices anywhere on their site, placing them among the hordes of other high-security-claiming insecure sites. This is not a big deal as most other secure sites are that way. But what is different about this bank (HDFC) is that they try to make sure you never follow these practices even if you know these practices. When we go to the main page of their site and click on netbanking, they open a popup without an address bar. Now how does one know that this is the site they have intended to use? It does not now matter if the site is secure because a person who has spoofed the page can also have his own SSL certificate and hence establish a secure connection (don’t tell me it will be difficult to obtain one).”
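A site owner can audit their own pages for the pattern described in the quote. The following is an added example, not part of Sunil's post or the bank's code: it scans markup for `window.open()` calls whose feature string hides the address bar, and the sample markup, URLs and function names are constructed for illustration. It assumes the legacy browser behaviour in which a non-empty feature string that does not list `location` leaves the address bar off.

```javascript
// SAMPLE_PAGE is constructed for illustration; it is not the bank's markup.
const SAMPLE_PAGE = `
<a href="#" onclick="window.open('https://netbanking.example/login', 'nb', 'width=800,height=600,location=no,toolbar=no')">NetBanking</a>
<a href="#" onclick="window.open('https://netbanking.example/help', 'help', 'width=400,height=300')">Help</a>
<a href="#" onclick="window.open('https://netbanking.example/rates', 'rates', 'location=yes,toolbar=yes')">Rates</a>
<a href="#" onclick="window.open('https://netbanking.example/faq')">FAQ</a>
`;

// Parse a feature string such as "width=800,location=no" into name -> boolean.
// A bare name ("location") or a numeric value counts as enabled.
function parseFeatures(features) {
  const map = new Map();
  for (const token of features.split(',')) {
    const [name, value = 'yes'] = token.trim().toLowerCase().split('=').map(s => s.trim());
    if (name) map.set(name, !['no', '0', 'false'].includes(value));
  }
  return map;
}

// Return every window.open() call (string-literal arguments only) that would
// open a window without an address bar under the assumption stated above.
function findAddressBarlessPopups(source) {
  const findings = [];
  // Captures: url (2), optional target (4), optional feature string (6).
  const call = /window\.open\(\s*(['"])(.*?)\1(?:\s*,\s*(['"])(.*?)\3)?(?:\s*,\s*(['"])(.*?)\5)?\s*\)/g;
  for (const m of source.matchAll(call)) {
    const url = m[2];
    const features = m[6];
    if (!features) continue; // no feature string: ordinary window, chrome intact
    const parsed = parseFeatures(features);
    if (parsed.get('location') === false) {
      findings.push({ url, reason: 'location explicitly disabled' });
    } else if (!parsed.has('location')) {
      findings.push({ url, reason: 'feature string omits location' });
    }
  }
  return findings;
}

console.log(findAddressBarlessPopups(SAMPLE_PAGE));
```
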