A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

« AOL settles with spam king | Main | Profits by proxy »

February 7, 2005

Swimming in phish domains

h_cg.gifMy spam filter caught a message today that I assumed was a phishing scam. It said I was eligible for a $5 credit on my Citibank account if I signed up to receive electronic statements of my account activity.

Here's why I assumed it was a phish. The email headers listed the domain citibankcards.com, whereas the HTML message body wanted me to click a link that said universalcard.com. But the link actually went to a site called citicards.com. (Phishing scammers love to register look-alike domains and trick people into visiting them to cough up their account info.)

I looked up the registration for citicards.com, and it turned out to be legit and belong to Citigroup. But according to the nifty reverse IP feature at whois.sc, there were 73 other websites at that same IP address, including Citgocelebrity.com Citi-commerce.com Citi-fxlink.com Citi.com Citi.net Citibank-ebilling.com, etc.

Meanwhile, a look-up on citibankcards.com showed it was also legit. There were some 53 domains at the same IP address, including Citibankchina.com Citibanktoolbar.com Citibanktoolbar.net Citibusinesscreditcards.com Citicard.com Citicashcard.com Citicheck.com Citicommerce.net Citicorp.com Citicorpselect.com Citigroupinfo.com Citigroupkids.com Citigrouponthenet.com, etc.

Finally, I checked out Universalcard.com. Thirty seven domains at the same IP address, including Citgoplus.com Citi-exchange.com Citiaccess.com Citibankebilling.com Citibankloan.com Citibanknigeria.com Citibankprivatebank.com Citibankworldlink.com, etc.

I realize banks and other trademark holders need to register lots of domains to protect against phishing attacks and cybersquatters. But how are consumers supposed to keep track of which domains are legit? Wouldn't it make more sense for companies like Citigroup just to use one domain for their communications with customers?

Posted by brian at February 7, 2005 1:27 PM


Why don't you send this to CNET, with the headline "Why is Citibank contributing to the Phishing epidemic?"

Posted by: Mark at February 7, 2005 3:55 PM

Heh, or better yet, maybe I should ask the folks at Citibank. In any case, this incident certainly distracted me from signing up for their e-statement service.

Posted by: Brian at February 7, 2005 7:28 PM


Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: