Their real domain is SOMECOMPANYNAMEHERE.COM but as you see they made a special domain just for email clicks. I thought at first this was a scam email, but then tried clicking and sorted out that it redirects to the real site and login.
But man you can't even easily trust real emails if you're paying attention, i dont know how regular people will defend against stuff like this.
This likely happens to prevent the primary domain from being blacklisted. Many companies including key ESPs will register multiple domains to combat potential spam listings and blacklists. It's possible they rotate through a number of similar domains to ensure if any are blocked they have backups available for use until those get unblocked.
One problem is that if a subdomain gets hacked it can be used for XSS as subdomains are trusted by the TLD, which might be a reason why they don't want every division to use a domain under the TLD.
I recently got an email from them to check on a transaction that settled, the domain was:
https://click.SOMECOMPANYNAMEHEREinvestments.com/? ...
Their real domain is SOMECOMPANYNAMEHERE.COM but as you see they made a special domain just for email clicks. I thought at first this was a scam email, but then tried clicking and sorted out that it redirects to the real site and login.
But man you can't even easily trust real emails if you're paying attention, i dont know how regular people will defend against stuff like this.