Phishing is a huge problem and you would think banks know better.
What is Citibank thinking? The email I just received contains:
Link text: www.citicards.com
Actual link (see status bar): http://info.citibank.com/WAR….4CA8377332533513….
Link destination: https://www.accountonline.com/View?docId=LoginCTP&siteId=…
Login form? Check
Citibank logos all over the place? Check
Domain that isn’t citibank.com? Check
SSL certificat not issued to Citibank? Check
So this must clearly be a phishing email, right? Actually I think it’s not. But it’s definitely not very smart.
Citibank has some instructions so I will report this as phishing. Let’s see what their reply is…