Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation

Divider









Phishing Scammers Target Citibank

Summary:
Emails, supposedly from Citibank, request recipients to click on a link and provide sensitive information on a website.



Status:
False

Examples:(Submitted, 2004)


Example 1 Example 2

Example 3
[Click images for full size view]



Part of another very crude example:
To_ verificatioon of your email_ address click on the link http://go.msn.com/HML/6/2.asp?target=ht%54P%3a%2f/tqp009g7e.com*1 560%2E%44A%2Eru%2f?GnccGz4zgCJVGWt2VhmI60ha

and enter on_the |itt|e window_ _your _citibank _D e b i t full Card nummber and PIN_ that _you use in the Atm_machine.




Commentary:
Citibank is currently the target of a series of phisher scams designed to steal sensitive personal information from Citibank customers. Scam emails, supposedly from Citibank, have been randomly mass mailed to thousands of Internet users. The scammers rely on the statistical probability that at least a few of the recipients will be Citibank customers and that a small number that are customers will fall for the scam.

The scam emails generally take the form of HTML messages designed to resemble official Citibank correspondence, complete with authentic looking logos. The emails cover a range of subjects, including "Account Updates", information on "Security Updates" and "Banking alert confirmations". Links included in the emails lead to a bogus website that looks like the real Citibank site and requests victims to provide account numbers, passwords and other personal information.

Citibank has comprehensive information about these scam emails, including examples, on their website. (Click on the "Consumer Alert" link).

As a rule of thumb, be wary of any email that asks you to provide sensitive personal information such as banking details. Most legitimate companies would not request such information from customers via a method as potentially insecure as email. If you have any doubts at all about the veracity of the email, contact the company directly.


Write-up by Brett M.Christensen