phishing


marketing & phishing | 19 Nov 2006 07:11 pm

Cingular just sent me my monthly statement. It smells really phishy just like Citibank’s email (see Citibank is Phishing Me - Do Banks Never Learn?).

The “Log in” link points to http://cwclick.cingular.com:8080/106…..0.%2Fmycingular. When clicked, IE and Firefox pop up the following warning dialog:

Warning! It appears that you are about to access a website that has non-standard web address format. Such sites may contain harmful entities such as viruses. We recommend you use extreme caution. Please change your preferences if you do not want to see this message again.

Very reassuring!

These companies should lead by example instead of being part of the problem. Tons of people get phished every day and such emails are definitely not sending the right signals. “Don’t worry about the funky looking URL. You can trust us. See the Cingular logo? There you go!”

Yahoo! is one step ahead and is educating its users. Only sign in if you see your personal sign-in seal.

marketing & phishing & rant | 07 Nov 2006 09:27 pm

Phishing is a huge problem and you would think banks know better.

What is Citibank thinking? The email I just received contains:

Link text: www.citicards.com

Actual link (see status bar): http://info.citibank.com/WAR….4CA8377332533513….

Link destination: https://www.accountonline.com/View?docId=LoginCTP&siteId=…

Login form? Check

Citibank logos all over the place? Check

Domain that isn’t citibank.com? Check

SSL certificate not issued to Citibank? Check

So this must clearly be a phishing email, right? Actually I think it’s not. But it’s definitely not very smart.

Citibank has some instructions so I will report this as phishing. Let’s see what their reply is…