It's so phishing-sounding that I want to believe it was chosen after a quick focus group with the "people who are most likely to become fraud victims" demographic.
I had to go check the certificate chain to make sure it was legit, and they're using an amazon-generated certificate that appears legitimate. Definitely looks fishy but I think they're just that bad at making trustworthy websites.
DV certs don't say anything about who the own the website. Just that the website is the URL you are trying to visit. Someone else could have registered the url and created the website, so checking the certificate chain doesn't prove anything.
EV certs on the other hand at least claim to verify who owns the website but even then I would be cautious.
Right, I was mostly looking to see if it was some dodgy cert provider - Amazon is on my mental list of questionable-but-not-obviously-scammy ones. EV certs, to me, just mean 'this cert is intended to secure company x's sites', not 'company x controls this site'. So an obvious on-page-text mismatch to the cert raises red flags, for example.