Phishing is a huge problem and you would think banks know better.

What is Citibank thinking? The email I just received contains:

Link text: www.citicards.com

Actual link (see status bar): http://info.citibank.com/WAR….4CA8377332533513….

Link destination: https://www.accountonline.com/View?docId=LoginCTP&siteId=…

Login form? Check

Citibank logos all over the place? Check

Domain that isn’t citibank.com? Check

SSL certificat not issued to Citibank? Check

So this must clearly be a phishing email, right? Actually I think it’s not. But it’s definitely not very smart.

Citibank has some instructions so I will report this as phishing. Let’s see what their reply is…