Now Citibank India benefits from phishing friendly mainsleaze spamvertizements

Citibank India has in all likelihood joined the growing list of phishing friendly mainsleaze spamvertizing financial institutions in India.

Sanitized version of the e-mail received from a spam operator in my inbox.
<Quote>
Welcome to Citibank Credit Cards,

For the first time in India, Credit Card application goes completely online!

This is FASTEST way to get a FREE-FOR-LIFE Citibank Credit Card.

^ No Documentation Required
^ No Calls At All- Its a completely ONLINE process

All you need to do is fill out the simple form below.
On approval, your credit card will be delivered to the mailing address provided.
Click HERE to Register

To remove from mailing list click here
</Quote>

Analysis
From Address: "Deepti Roy". Doesn't mean much; could be a Joe Job.
Un-subscribe drop box: mailto:apna1.loan@gmail.com?subject=remove
Actually a spam drop box on Gmail to collect verified e-mail addresses for another mainsleaze shot.

Embedded tracker Image: http://www.netnivaran.org/etrack?eid=EMAILID&mid=CITI
Hosted on Windows shared hosting at rediff.com.
Also, the e-mail was apparently sent using rediff hosting:
Received: from winhosting11.rediff.com (winhosting11.rediff.com [202.137.236.64])
This is also evident from the e-mailing having been done using "X-Mailer: Microsoft CDO for Windows 2000".

Redirection URL: http://www.s2d6.com/x/?x=c&z=s&v=XXXXX
Apparently the domain is hosted on an IP that belongs to "Deal Group DGM Platform".
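
The checks walked through in the analysis above can be scripted for triage of a reported message. This is an added example, not part of the original post: the sample message is constructed from the sanitized values quoted here, and the names `triage`, `on_brand`, `LinkCollector`, the `FREEMAIL` list and the HTML layout are assumptions.

```python
import email
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample built from the sanitized values quoted in the post.
SAMPLE = """\
Received: from winhosting11.rediff.com (winhosting11.rediff.com [202.137.236.64])
X-Mailer: Microsoft CDO for Windows 2000
Content-Type: text/html

<img src="http://www.netnivaran.org/etrack?eid=EMAILID&amp;mid=CITI">
<a href="http://www.s2d6.com/x/?x=c&amp;z=s&amp;v=XXXXX">Click HERE to Register</a>
<a href="mailto:apna1.loan@gmail.com?subject=remove">click here</a>
"""
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # assumed short list

def on_brand(host, brand):  # exact host or true subdomain, not a look-alike suffix
    return host == brand or host.endswith("." + brand)

class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs from <a href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        want = {"a": "href", "img": "src"}.get(tag)
        self.links += [(tag, v) for k, v in attrs if k == want and v]

def triage(raw, brand):
    """Return (kind, value) findings for a message that advertises `brand`."""
    msg = email.message_from_string(raw)
    findings = []
    relay = re.search(r"from\s+(\S+)", msg.get("Received", ""))
    if relay and not on_brand(relay.group(1).lower(), brand):
        findings.append(("relay", relay.group(1)))       # sent from third-party host
    if msg.get("X-Mailer"):
        findings.append(("mailer", msg["X-Mailer"]))     # script/bulk mailer hint
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for tag, url in parser.links:
        parts = urlsplit(url)
        if parts.scheme == "mailto":
            if parts.path.rsplit("@", 1)[-1].lower() in FREEMAIL:
                findings.append(("freemail-unsubscribe", parts.path))
        elif not on_brand(parts.hostname or "", brand):
            kind = "tracker" if tag == "img" and parts.query else "offbrand-link"
            findings.append((kind, parts.hostname))
    return findings
```

Calling `triage(SAMPLE, "citibank.co.in")` flags the relay, the mailer, the tracker image, the redirector link and the Gmail unsubscribe drop box, none of which sit on the bank's own domain.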

Could it have been a joe-job on Citibank India? Doesn't look likely to me.
The target landing page is here, with an HTTPS URL:
https://www.online.citibank.co.in/portal/citiin/forms/citi_focuscards_index.jsp?eOfferCode=DGMtracker
and is displayed as in the following screenshot:
[Screenshot: mainsleaze landing page, Citibank India]
Shudder: they ask for the existing relationship number with Citibank on their site after a person reaches the landing page over there through a mainsleaze spamvertizement. How much more phishing friendly can a bank get?

More fun: received more spamvertizements trying to promote shine.com from the same set of morons, hosted on rediff and with the redirection URL on the same domain, s2d6.com.

Action Taken: Sent an abuse report to Rediff and awaiting response.
Update: 30th May 2008: No response received from Rediff. Welcome to problem free spamhaus in India.
