Beware: http://citibank.in
Jan. 29th, 2008 01:49 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
cheeniHere is my email to Citibank:
So the site is owned by Citi after all, but sits on the standard domain parking server of an ISP not known for its technical savvy, and running a version of Apache with known vulnerabilities. Great going Citicorp.
from: me
to: India Service <indiaservice@citicorp.com>
date: Jan 29, 2008
subject: http://citibank.in/
Hi Citibank Support,
Are you aware that http://citibank.in/ exists and isn't owned by you? It's a small step away from http://citibank.co.in/ your original website. I feel unsafe that you would let http://citibank.in/ exist - I fear that it's trivially simple for someone to hijack the http://citibank.in/ server and create a phishing website even if the current domain squatter has no such intention. I urge you in the strongest possible terms to take action.
Thanks,
...
to: India Service <indiaservice@citicorp.com>
date: Jan 29, 2008
subject: http://citibank.in/
Hi Citibank Support,
Are you aware that http://citibank.in/ exists and isn't owned by you? It's a small step away from http://citibank.co.in/ your original website. I feel unsafe that you would let http://citibank.in/ exist - I fear that it's trivially simple for someone to hijack the http://citibank.in/ server and create a phishing website even if the current domain squatter has no such intention. I urge you in the strongest possible terms to take action.
Thanks,
...
$whois citibank.in
Access to .IN WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the
Afilias registry database. The data in this record is provided by
Afilias Limited for informational purposes only, and Afilias does not
guarantee its accuracy. This service is intended only for query-based
access. You agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to: (a) allow,
enable, or otherwise support the transmission by e-mail, telephone, or
facsimile of mass unsolicited, commercial advertising or solicitations
to entities other than the data recipient's own existing customers; or
(b) enable high volume, automated, electronic processes that send
queries or data to the systems of Registry Operator, a Registrar, or
Afilias except as reasonably necessary to register domain names or
modify existing registrations. All rights reserved. Afilias reserves
the right to modify these terms at any time. By submitting this query,
you agree to abide by this policy.
Domain ID:D483227-AFIN
Domain Name:CITIBANK.IN
Created On:16-Feb-2005 06:32:58 UTC
Last Updated On:19-Feb-2007 22:58:34 UTC
Expiration Date:16-Feb-2010 06:32:58 UTC
Sponsoring Registrar:Net4India (R7-AFIN)
Status:OK
Registrant ID:N4IR-20310936793
Registrant Name:Citibank, N.A.
Registrant Organization:Citibank, N.A.
Registrant Street1:399, Park Avenue
Registrant City:New York
Registrant State/Province:New York
Registrant Postal Code:10043
Registrant Country:US
Registrant Phone:+91.1126253793
Registrant Email:info@indiaip.com
Admin ID:N4IR-20310936793
Admin Name:Citibank, N.A.
Admin Organization:Citibank, N.A.
Admin Street1:399, Park Avenue
Admin City:New York
Admin State/Province:New York
Admin Postal Code:10043
Admin Country:US
Admin Phone:+91.1126253793
Admin Email:info@indiaip.com
Tech ID:N4IR-20310936793
Tech Name:Citibank, N.A.
Tech Organization:Citibank, N.A.
Tech Street1:399, Park Avenue
Tech City:New York
Tech State/Province:New York
Tech Postal Code:10043
Tech Country:US
Tech Phone:+91.1126253793
Tech Email:info@indiaip.com
Name Server:NS1.NET4INDIA.COM
Name Server:NS2.NET4INDIA.COM
Access to .IN WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the
Afilias registry database. The data in this record is provided by
Afilias Limited for informational purposes only, and Afilias does not
guarantee its accuracy. This service is intended only for query-based
access. You agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to: (a) allow,
enable, or otherwise support the transmission by e-mail, telephone, or
facsimile of mass unsolicited, commercial advertising or solicitations
to entities other than the data recipient's own existing customers; or
(b) enable high volume, automated, electronic processes that send
queries or data to the systems of Registry Operator, a Registrar, or
Afilias except as reasonably necessary to register domain names or
modify existing registrations. All rights reserved. Afilias reserves
the right to modify these terms at any time. By submitting this query,
you agree to abide by this policy.
Domain ID:D483227-AFIN
Domain Name:CITIBANK.IN
Created On:16-Feb-2005 06:32:58 UTC
Last Updated On:19-Feb-2007 22:58:34 UTC
Expiration Date:16-Feb-2010 06:32:58 UTC
Sponsoring Registrar:Net4India (R7-AFIN)
Status:OK
Registrant ID:N4IR-20310936793
Registrant Name:Citibank, N.A.
Registrant Organization:Citibank, N.A.
Registrant Street1:399, Park Avenue
Registrant City:New York
Registrant State/Province:New York
Registrant Postal Code:10043
Registrant Country:US
Registrant Phone:+91.1126253793
Registrant Email:info@indiaip.com
Admin ID:N4IR-20310936793
Admin Name:Citibank, N.A.
Admin Organization:Citibank, N.A.
Admin Street1:399, Park Avenue
Admin City:New York
Admin State/Province:New York
Admin Postal Code:10043
Admin Country:US
Admin Phone:+91.1126253793
Admin Email:info@indiaip.com
Tech ID:N4IR-20310936793
Tech Name:Citibank, N.A.
Tech Organization:Citibank, N.A.
Tech Street1:399, Park Avenue
Tech City:New York
Tech State/Province:New York
Tech Postal Code:10043
Tech Country:US
Tech Phone:+91.1126253793
Tech Email:info@indiaip.com
Name Server:NS1.NET4INDIA.COM
Name Server:NS2.NET4INDIA.COM
So the site is owned by Citi after all, but sits on the standard domain parking server of an ISP not known for its technical savvy, and running a version of Apache with known vulnerabilities. Great going Citicorp.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2008-01-30 04:30 am (UTC)What they see is:
Are you that http://citi(something) and isn't by you? It's a small step away from http://citi(something) your website. I feel that you would let http://citi(something) - I fear that it's simple for someone to the http://citi(something) server and create a website even if the current has no such. I urge you in the terms to take action.
What they understand is:
I want to go to the citibank website but I am afraid, what to do?
What they will respond is:
Dear ...,
Thank you for your email. Please visit http://citibank.co.in/ (which will be suitably hyperlinked), for details about our services.
...
...
Note: Never click on links in emails, and never give your password to anyone, not even citibank staff.
no subject
Date: 2008-09-02 07:08 am (UTC)