
Phishing at Citibank?

RSLancastr

I received an email today, supposedly from "support@citibank.com", but which was pretty obviously an attempt to steal my account information.

They had stolen graphics from the actual citibank site, and much of the wording as well. Many links in the email led to pages on the actual citibank site.

However, the one link they requested that I follow, where I could "update my Citibank card information" was not to Citibank.com, but rather to an IP address. Being behind a firewall at work, I went to the link, which was a page containing a form where I was supposed to fill in my card number, user name, password and more.

As though Citibank would need this info. Riiiiight.

I would simply ignore this, but what has me worried is the fact that JUST YESTERDAY I was on the real Citibank site, paying a bill. Now I am wondering if they somehow got my email address by "listening in" while I was on the site... Of course, they may well have just sent this email to every email address they know, but still... a little worrisome.

Thoughts?
 
RSLancastr said:
I received an email today, supposedly from "support@citibank.com", but which was pretty obviously an attempt to steal my account information.

They had stolen graphics from the actual citibank site, and much of the wording as well. Many links in the email led to pages on the actual citibank site.

However, the one link they requested that I follow, where I could "update my Citibank card information" was not to Citibank.com, but rather to an IP address. Being behind a firewall at work, I went to the link, which was a page containing a form where I was supposed to fill in my card number, user name, password and more.

As though Citibank would need this info. Riiiiight.

I would simply ignore this, but what has me worried is the fact that JUST YESTERDAY I was on the real Citibank site, paying a bill. Now I am wondering if they somehow got my email address by "listening in" while I was on the site... Of course, they may well have just sent this email to every email address they know, but still... a little worrisome.

Thoughts?

Don't be surprised by that fact.

Phishers are getting better all the time.

In fact, on this site, there is a Phishing Site creator who is offering pages that look, act, and are exactly like the real deal.

http://forum.carderplanet.com/viewtopic.php?t=28404

(Note, what is offered on the site above is extremely illegal. Do not attempt to contact any of these people making offers. I will not be held responsible for any actions you are willing to commit on this website. The FBI has been monitoring the actions of these people for some time. )

However, I do highly recommend that you forward the email to these people:

http://www.millersmiles.co.uk/index.htm

They post regular alerts for new scam/phishing sites and emails.

That, and I would also go to www.citibank.com and file a report of the email.


Most likely, the scammers fingered the ports at www.citibank.com and got your email address, with a large amount of other Citibank users.

Here is a link that explains the hack in better detail:

http://www.private.org.il/harvest.html
 
I've received that spam Citibank email and I don't even have any accounts with them. I doubt very much they somehow monitored your access to them.
 
I agree with garys_2k - I have no association with Citibank, but my email address is known to spammers, and I received the email a while back. I even posted the content of it in reply to someone else's thread in Community.

There might be some way they could have culled your name, but it's much more likely they're just hitting everyone in some spam list.
 
I forwarded the one I received to them, too. Good idea, lets them know how they're being scammed. I wonder, too, if they could somehow prevent their graphics from being relayed by the selective IPs, associated with the scam sites. Prob'ly not.
 
Hey! I just got another one! This is the text, interesting that they use recent fraud emails as a way to commit more fraud.

The link looks weird because I always render email to text. It makes the text of the URL and the actual link show up.

Recently there have been a large number of identity theft attempts targeting
Citibank customers. In order to safeguard your account, we require that you
update your Citibank ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please
note that we have no particular indications that your details have been
compromised in any way.

This process is mandatory, and if not completed within the nearest time your
account may be subject to temporary suspension.

To securely update your Citibank ATM/Debit card PIN please go to:

https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp
<http://218.62.39.59:8000/verify/citipop.htm>

Please note that this update applies to your Citibank ATM/Debit card - which is
linked directly to your checking account, not Citibank credit cards*.
*
Thank you for your prompt attention to this matter and thank you for using Citibank!

Regards,

Nigel Goff
Head of Citi® Identity Theft Solutions


Copyright © 2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.

bquhfdd zbtjoa xolhgqmrxlvi bjipmzvynqunt

Edited to add - I forwarded this to Citibank. Thanks for the address to report it, Wildcat.
 
Thanks to all.

I will forward the two copies I got of the email (I got a second less than an hour after receiving the one I mentioned in the OP) to the address WildCat supplied.

Thanks again, -RL
 
Here's another site of interest.
http://www.cybercrime.gov/

I got a LOT of 'Paypal' spam that was nearly indistinguishable from Paypal email for a while. Same deal. "Update your account information." Paypal has an email address to forward these things to: spoof@paypal.com.

I forwarded each email as an attachment, and eventually the email messages stopped, as if by magic.
 
evildave said:
Here's another site of interest.
http://www.cybercrime.gov/

I got a LOT of 'Paypal' spam that was nearly indistinguishable from Paypal email for a while. Same deal. "Update your account information." Paypal has an email address to forward these things to: spoof@paypal.com.

I forwarded each email as an attachment, and eventually the email messages stopped, as if by magic.

Not really Dave.

Most Phishers only hit a source once, then move on.

Paypal is really a joke of a company in the first place.

Don't believe me, go here:

www.paypalsucks.com
 
I have gotten a bunch of real-looking scams. I would like to know how they can have an address that is the same as Paypal, for example.
 
Well, those lovely spoofing features are part of HTML!

You can tell it to display one piece of text, and link to a completely different thing. Even worse, the link can "say" it's going to "citibank.com" but actually go to some unnamed dot path.

Isn't that convenient? And IE/Outlook is perfectly happy to display ONLY the 'friendly' information.
 
evildave said:
Well, those lovely spoofing features are part of HTML!

You can tell it to display one piece of text, and link to a completely different thing. Even worse, the link can "say" it's going to "citibank.com" but actually go to some unnamed dot path.

Isn't that convenient? And IE/Outlook is perfectly happy to display ONLY the 'friendly' information.

Any way around this?
 
Ed said:
Any way around this?
Well, you can right click on a link and hit "properties" and get the full skinny on it.

Or just don't use IE Explorer/Outlook (gradually going that way myself, except that I'm forced to use 'em at work).

--Dan
 
