In part 1 of my LUA series, I mentioned a virus that modified the HOSTS file on a PC. This meant that each time someone tried to connect to their banking website, they actually went to a fake website instead, even though they’d typed in the correct URL. This could also be a problem if your DNS server gets compromised, or if someone reconfigures your wireless router so that you use a rogue DNS server.
One way to protect yourself is to use https. If you know the correct address for the website, and you see a padlock in the address bar, you can be confident that this is the real site. This isn’t an absolute guarantee, e.g. if your PC is infected by a virus then it could add some self-signed certificates to your trusted store. However, it’s certainly a step in the right direction. Unfortunately, lots of banks haven’t quite grasped this concept.