The URL displayed like this:
www.citibank.com/?qSEMndGSGqMburfeUKU84ew3p36o9d7i1uVI93ZDK6f4z3KrnhLpZ3h087h
But it was actually something like this:
http://www.google.com/url?q=http://www.google.com/url?q=http://blogs.geekdojo.net/brian
Except the end of the URL wasn't http://blogs.geekdojo.net/brian, It was a completely encoded string pointing to the actual Phishers website.
Read More