I recently saw a strange effect when logging into my Halifax online banking account using Firefox. When I went to the login page my user name and password had been completed.

I use a password safe so I highlighted the password field and pasted in my password, entered a response to the security question, and clicked login. I was refused access as the password and/or the security response was invalid. I noted that the password field was full with character position indicators.

I repeated the login again, highlighted the entered password and this time when I pasted in the password I saw the password characters being entered at the end of the previous password in slow motion, as if by a phantom typist. I typed in a response to the security question and the same thing happened. I immediately thought that my browser had been compromised. I kicked off an antivirus scan with Avast. I then tried the login with Internet Explorer 8 and got the same result. I tried a login using Opera and that worked normally, although I lost access to the site while connected. Ping and Tracert gave a response 62.172.161.126 reports: Destination net unreachable. I phoned and got Halifax to lock my account.

It is as if the browser did not recognise the text as highlighted and was pasting/typing new characters at the cursor position. I discussed the problem with a friend who is still programming, I am retired, and he suggested that it was a problem with the java routines that Firefox and IE8 were using. However I do not see why I do not have the same problem with other banks. I think the problem may be the Halifax website.

My pc crashed or powered off 3 times while running the scans, but that is another story, I think! The Avast scan showed nothing and neither did a malware scan with SuperAntiSpyware. Following the AV scan I can now log in without problem on IE and Firefox and the password fields are empty.

I use the Trusteer Rapport security plugin and the Lazerus form saver add-on in Firefox which may have some influence on what happened.

Has anyone else seen this, or have an explanation?

Nev

Did you try manually entering the login credentials? Also was it on a https:// connection with the different colour on the url bar and padlock visible?

as you said the credential details had already been filled out that will happen if you have remember cookies psswrds etc for https:// enabled.

if you are paranoid then download another browser and only use that to navigate to your banking website and always manually check to see that it is in a https:// session manually type in the login details username/psswrd and oonce you have finished the session delete the cache etc.

personally for the times i find myself needing to login into paypal or online banking i have a PC with no hard drive attached i use a liveCD and manually do the steps.

if your antivirrii and firewall are up to date and you don't install nasty software you should be fine.

nothing that a call to the bank and have them manually assign a fresh login psswrd cannot fix. ;)

Thanks for the response t34b4g5. I did not check to see if it was an https site but Rapport flagged it in green as HBOS, the bank group, so I guess it was. It certainly is now.

I do not think it was an attempt to steal a password as I was passed to the website but my login was rejected. This account is an investment account and I only looked at it because the investment matures in 3 weeks. I will be closing the account then anyway.

I think that it was a temporary problem associated with timing because the PC was busy and/or the internet connection timed out.

Anyway thanks for the interest, I will just keep a better look out when online to a bank.

Nev