Citibank e-mail looks phishy

James A. Donald jamesd at
Mon Nov 13 20:37:57 EST 2006

> > I think "Citibank aims at foot and lets loose with both barrels, then reloads
> > and shoots a second time" would be a better title.  This is a really scary
> > example of what Perry once referred to as banks actively training users to
> > become future victims of phishing attacks.  What's even worse is that Citibank
> > uses such a profusion of marketing-driven vaguely bank-related domain names
> > (e.g., although this now seems to have been shut down) that
> > the email could just as easily have directed users to <random bank-sounding
> > name>.com without raising too much suspicion.  Any half-awake phisher will
> > immediately send out an identical email sending people to some other vaguely
> > correct-looking URL and asking for the same information.

Leichter, Jerry wrote:
> They screw things up in other ways, too.  If you have an AT&T Universal
> card, you're actually serviced by Citibank these days.  To get to your
> account on line, you go to, which very nicely
> accepts https connections, using a Verisign cert.  Unfortunately, the
> cert is for or some such address.  (Of course, then it
> promptly redirects you to something on

Before computers, people had a lot of procedures that they routinely and 
ritualistically followed to prevent fraud, faithfully following the 
required procedures without ever thinking much about why things were 
done that way.  It seems that some time during the seventeenth and early 
  eighteenth century, various captains of finance laid down the law "It 
shall be done thus", so very firmly that for the next few hundred years, 
no one deviated.

But right now, we are inventing things, and we have not yet figured out 
how to do stuff right.  Further, the tools available do not really fit 
the task at hand, so it is unsurprising if people keep using them upside 
down and backwards.

I imagine that when our ancestors first figured out how to flake stones 
to form really sharp blades (and a well flaked blade will cut like 
broken glass) there were lots of people cutting their fingers off, 
despite the experts telling them how to correctly handle blades, until 
eventually the next genius figured out how to connect a sharp stone 
blade to a wooden handle.  It then became a lot easier for the wise 
woman to say "hold a knife by the handle except when handing it over, 
and don't run with a knife."

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list