Leichter, Jerry
Mon, 13 Nov 2006 12:23:46 -0800
| >Citibank e-mail looks phishy | | I think "Citibank aims at foot and lets loose with both barrels, then reloads | and shoots a second time" would be a better title. This is a really scary | example of what Perry once referred to as banks actively training users to | become future victims of phishing attacks. What's even worse is that Citibank | uses such a profusion of marketing-driven vaguely bank-related domain names | (e.g. accountonline.com, although this now seems to have been shut down) that | the email could just as easily have directed users to <random bank-sounding | name>.com without raising too much suspicion. Any half-awake phisher will | immediately send out an identical email sending people to some other vaguely | correct-looking URL and asking for the same information. They screw things up in other ways, too. If you have an AT&T Universal card, you're actually serviced by Citibank these days. To get to your account on line, you go to www.universalcard.com, which very nicely accepts https connections, using a Verisign cert. Unfortunately, the cert is for www.citibank.com or some such address. (Of course, then it promptly redirects you to something on accountonline.com.)
I complained to them about this months ago, with (of course) no response.
-- Jerry
| Peter.
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
|
|
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]