Look at the screenshot above. Is it a legitimate banking website? A phishing website?
More likely than not it looks like a phishing webpage. Notice the interface — no indication of the banking institution whatsoever. But… the URL — it’s https!
For the record, this is in fact a legitimate website used by TD Bank and its international subsidiaries.
- Citi Bank uses: http://accountonline.com (No SSL — though I have been observing the domain does redirect to *.citi.com as of now)
- TJMaxx, Marshalls, HomeGoods uses: https://www.mycreditcard.mobi/mSecurity/Login/login.action?clientId=tjx&accountType=generic&langId=en
- Yet another company uses: https://www.myonlinecreditcard.com/BPPR_Consumer/Login.do
- … https://www.myaccountaccess.com/onlineCard/login.do
- …https://mycheckfree.com/
I mean just look at their choice of domain names! Who came up with these?!
If I was to design a Natural Language Processing (NLP) phishing algorithm, probably all of these would be flagged as phishing.
