Phish Landing Page Hosted on Citibank Server Redirects to Phish on Microsoft Server

I recently came across a phishing emails with a link leading to a subdomain of, owned by Citibank. Further investigation shows that this particular subdomain is used by Citibank for marketing emails.

You can see the link, rewritten by an email security system, links to, shown in brackets at the end of the link.

Here is the page I was redirected to from the landing page on Citibank to a subdomain of

I notified Citibank of the phish landing page on their servers and it appears they and Microsoft have taken it down from their respective pages.


Leave a Reply

Your email address will not be published. Required fields are marked *