We received an email here at BRG asking us to review an SMS message for possible malicious activity (phishing).
As initially suspected when it was reported, the website is an attempt to steal login credentials. The website https://m4-citi.com serves no other purpose. Recon shows a cPanel setup.
Reviewing the full URL shows that token tracking is implemented (token=438ff06f...............).
When "Invalid User ID or Password" is returned, the token is updated (token=9c8508b88e..............).
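For response triage, the token behaviour noted above can be turned into a heuristic: a client whose token changes between requests to the phishing host probably submitted the login form. The script below is an added example, not part of the original review; it assumes a proxy that logs full URLs, and the log format, `/login` path, client IPs and token values are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

PHISH_HOST = "m4-citi.com"  # domain named in the write-up

# Constructed proxy log lines (format, path and token values are invented
# for this example): timestamp client_ip method url
SAMPLE_LOG = """\
2021-12-06T09:14:02Z 10.0.4.17 GET https://m4-citi.com/login?token=aaaa1111
2021-12-06T09:14:40Z 10.0.4.17 POST https://m4-citi.com/login?token=aaaa1111
2021-12-06T09:14:41Z 10.0.4.17 GET https://m4-citi.com/login?token=bbbb2222
2021-12-06T09:20:10Z 10.0.7.52 GET https://m4-citi.com/login?token=cccc3333
2021-12-06T09:21:00Z 10.0.9.88 GET https://example.org/index.html?token=dddd4444
"""

def tokens_by_client(log_text, host=PHISH_HOST):
    """Map client IP -> ordered list of tokens, collapsing consecutive repeats."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, _method, url = parts
        u = urlsplit(url)
        h = (u.hostname or "").lower()
        if h != host and not h.endswith("." + host):
            continue  # not the phishing host or one of its subdomains
        for tok in parse_qs(u.query).get("token", []):
            if not seen[client] or seen[client][-1] != tok:
                seen[client].append(tok)
    return dict(seen)

def triage(log_text, host=PHISH_HOST):
    """'visited' = one token seen; 'likely_submitted' = token rotated."""
    return {client: ("likely_submitted" if len(toks) > 1 else "visited")
            for client, toks in tokens_by_client(log_text, host).items()}

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

A `likely_submitted` verdict is a heuristic based on the single rotation observed in this review; confirm with the user and reset credentials regardless.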
WHOIS for m4-citi.com continually points to the address "P.O. Box 1769 Denver, CO 80201", registered to Domain Protection Services Inc. That address is tied to malicious activities including, but not limited to, fraud, DNS hijacking, and spam.
Reported to spoof@citi on Dec 6th 2021.
- A. Buford
- Dec 6th, 2021