Citibank e-mail looks phishy
Leichter, Jerry
leichter_jerrold at emc.com
Mon Nov 13 15:15:25 EST 2006
| >Citibank e-mail looks phishy
|
| I think "Citibank aims at foot and lets loose with both barrels, then reloads
| and shoots a second time" would be a better title. This is a really scary
| example of what Perry once referred to as banks actively training users to
| become future victims of phishing attacks. What's even worse is that Citibank
| uses such a profusion of marketing-driven vaguely bank-related domain names
| (e.g. accountonline.com, although this now seems to have been shut down) that
| the email could just as easily have directed users to <random bank-sounding
| name>.com without raising too much suspicion. Any half-awake phisher will
| immediately send out an identical email sending people to some other vaguely
| correct-looking URL and asking for the same information.
They screw things up in other ways, too. If you have an AT&T Universal
card, you're actually serviced by Citibank these days. To get to your
account on line, you go to www.universalcard.com, which very nicely
accepts https connections, using a Verisign cert. Unfortunately, the
cert is for www.citibank.com or some such address. (Of course, then it
promptly redirects you to something on accountonline.com.)
I complained to them about this months ago, with (of course) no response.
-- Jerry
| Peter.
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
|
|
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list