User:Wikibob/Phishing

Reported this phish site to Citibank (DO NOT USE IT):

citi-protection.info

Results of experiments
Page text is: User ID

Password

Need help?

Remember my User ID

Sign on with an ATM/Debit Card number and PIN.

To get started, just sign on with your User ID and Password. Then you can take advantage of all this! Award Winning Services

The #1 Online Bank1 Free Online Bill Payment

The easiest way to pay virtually anyone, anytime!

Your Home Page The one place to manage your Citi accounts

Citibank was named the #1 overall banking website by Watchfire GomezPro, Watchfire's Benchmark and Assessment business unit, in its Internet Banker Scorecard? for Q4 2003. My Citi gives you access to accounts and services provided by Citibank and its affiliates. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.

phish site raw data
 Welcome to Citi  .username { FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, "sans serif" }	WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, "sans serif" } .password { FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, sans-serif }	WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, sans-serif }    .username { FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, "sans serif" }	WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, "sans serif" } .password { FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, sans-serif }	WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, sans-serif }       <td width="10" height="2"><img height=1 src="login_files/pixel.gif" width=10> <td width="188" height="2"> <td width="10" height="2"><img height=1 src="login_files/pixel.gif" width=10> <td width=109 bgcolor=#cccccc height="2"><img src="login_files/pixel.gif"> <td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"> <img height=1 src="login_files/pixel.gif" width=10> <img height=1 src="login_files/pixel.gif" width=10> <td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"> <td bgcolor=#cccccc colspan=5><img src="login_files/pixel.gif"> <td width=40 height="453"> <td valign=top width="100%" height="453"> <img height=20 src="Citibank_files/pixel.gif" width=166> <td width=5 height="453"><img height=8 src="login_files/pixel.gif" width=5 border=0>

</BODY></HTML>

phish site after entering invalid ID
Dummy field entries give URL: citi-protection.info/login.php

and page text (with typo):
 * Please retun Back and enter valid User ID

phish site invalid ID raw data
Please retun <a href="javascript:history.back(-1)">Back</a> and enter valid User ID

trying to break phish site
https://a248.e.akamai.net/7/248/6345/c1cbc00cbbe135/web.da-us.citibank.com/images/36wav.gif
 * Result was blank screen from server

1234567890 12345678901234567890 123456789012345678901234567890 1234567890123456789012345678901234567890
 * Result: We have received your information . Thank you.

50 chars: 12345678901234567890123456789012345678901234567890
 * Result: We have received your information . Thank you.

Ditto for 70, 80, 90, 130 and 150 chars.

Try single quote: '
 * Result: directs to actual citibank.com

Double quotes: "
 * Result: We have received your information . Thank you.

Try invalid URL at citi-protection.info
 * Result: Apache/1.3.27 Server at citi-protection.info Port 8

phish site files
http://citi-protection.info/login_files/sotmc_wyck.gif

Wikibob | Talk 19:30, 2004 Jun 12 (UTC)
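
The raw data above references images under login_files/ and Citibank_files/, the kind of directory a browser's "Save Page As" creates, while the page is titled "Welcome to Citi" and served from citi-protection.info. The following is an added example, not part of the original notes, that flags both signs in a captured page; the function name, the allowlist and the sample markup (assembled from fragments quoted above) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: the only domain treated as the brand's own sign-on host.
LEGIT_SUFFIXES = ("citibank.com",)

class _Collector(HTMLParser):
    """Collects the <title> text and every src/href attribute value."""
    def __init__(self):
        super().__init__()
        self.title, self.refs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.refs.append(value)
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def clone_indicators(page_url, html):
    """Return findings that suggest a saved copy of a brand page on a foreign host."""
    c = _Collector()
    c.feed(html)
    host = (urlparse(page_url).hostname or "").lower()
    findings = []
    on_brand = any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)
    if re.search(r"\bciti", c.title, re.I) and not on_brand:
        findings.append(f"brand title {c.title.strip()!r} served from {host}")
    # Relative "<name>_files/" paths are what a browser's "Save Page As" leaves behind.
    dirs = sorted({m.group(1) for r in c.refs
                   if (m := re.match(r"^([^/:]+_files)/", r))})
    if dirs:
        findings.append("saved-page resource dirs: " + ", ".join(dirs))
    return findings

# Constructed sample built from fragments quoted in the raw data above.
SAMPLE = """<html><head><title> Welcome to Citi </title></head><body>
<table><tr><td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td><img height=20 src="Citibank_files/pixel.gif" width=166></td></tr></table>
</body></html>"""

if __name__ == "__main__":
    for finding in clone_indicators("http://citi-protection.info/login.php", SAMPLE):
        print(finding)
```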