Golden1 to buy more phishing insurance

The Golden1 Credit Union mostly serves (I think) State of California employees. Today these customers were miseducated about how DNS changes propagate and encouraged to trust a bare IP address and “accept the security alert.” See screenshot below (red outline added):

golden1 screenshot

This particular operation should be safe, but they’ve lowered the bar for — why bother setting up or when Golden1 has told customers to trust a bare IP and ignore warnings?

The least Golden1 could’ve done is to point some previously unused (and thus uncached) subdomain, e.g., at the new IP address for and tell customers to use the former as a temporary workaround.

Someone ought to be reprimanded for this gaffe.

Leave a Reply