The TLD https://custhelp.com has a cert on it with the wrong name. *.rightnow.com. That seems to be the Oracle product. Seems to be some kind of Oracle CRM/helpdesk type deal. It should be hosted under the kiwibank domain to my mind. https://custhelp.kiwibank.co.nz or something like that. The site is even just using a custhelp.com wildcard cert issued to Oracle. It may not be hosting anything directly sensitive, but it doesn't look good and as said before, makes kind of OKs it for people visiting to associate kiwibank with alternate domains.
Try Vultr using this link and get us both some credit:
This is something I don't like about Kiwibank personally - everything feels very piece meal and like the left hand isn't part of the same body as the right. Eg this, their GE loans, etc
As for this specifically, I do think it gives people the wrong idea. Particularly those who are less savvy might get used to seeing kiwibank.somethingelse.com and associate that with being ok and safe. I think it is a phishing risk.
Twitter and LinkedIn »
Follow us to receive Twitter updates when new discussions are posted in our forums: