Scam Alert: Citibank - Tilted Forum Project Discussion Community

Peetster · 01-15-2004, 06:01 AM

Claim: Citibank is sending out notices asking customers to log in and verify their accounts.

Status: False.

Example:

Origins: Yet another redirection scam (also known as "phishing") intended to deceive recipients into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. Citibank customers were the target of at least two similar scams in 2003.

In this case the fraudulent message appears to be coming from Citibank itself, falsely announces that Citibank has had to "block some accounts connected with money laundering, credit card fraud, terrorism and check fraud activity," and urges recipients to log in using the provided link and "check their checking and savings accounts" to verify that the accounts are still active and the current balances are correct. However, the page the user is taken to after clicking the link does not reside on Citibank's site; it's a phony page hosted on a Korean web site and camouflaged to look like a real Citibank page. After the user attempts to log in through the phony page (supplying his ATM or credit card number and PIN in the process), he's presented with an error message proclaiming that the login failed due to a "system overload" and is then redirected to the real Citibank site (thus helping to obscure that he supplied sensitive account information to a non-Citibank site).

Scams that trick the trusting into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by asking them for it. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service by telephone and ask them about the e-mail (or go directly to their web site — don't follow links provided in e-mail messages.) (Citibank also maintains an on-line form for reporting suspicious e-mails.)

The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.

source:
Snopes

troit · 01-15-2004, 07:14 AM

Way to keep an eye out Peetster -- I'm sure like myself, our members appreciate it...

goddfather40 · 01-15-2004, 08:08 PM

I got this one the other day, spam filter did not filter it. I don't know why I didn't think it was serious, MAYBE THE PURPOSELY HORRID SPELLING???? Geez, people who fall for this one are really, really stupid.

Akira · 01-15-2004, 11:03 PM

Yeah My dad called me about that he said he wasn't sure if it was a scam or not seeing how it had horrible grammer, i told him to just keep it there but not open it till I knew whether it was or not. Thanks now I should give him a call.

MSD · 01-15-2004, 11:24 PM

Any URL containing a "@" that seems dubious, probably is. you'll notice that the URL ends with "@bavnb50fq.Da.ru/?"

In most cases, any text up to and including the @ can be ignored. This technique has been used notably in the past to make hoax CNN pages.

http://www.cnn.com@209.50.251.11/tfp...threadid=41551

Suddenly, you click a link that looks like CNN, and you're here at TFP. Now what if, instead of linking to TFP, I linked to my personal server with a hoax article made on a CNN template. Email it to a few people, they send it to a few people, it hits teh blogs, and two days later, the whole country "knows" about whatever I want them to know.

A piece of advice: if anyone ever sends you a CNN link with a @ redirect to an IP address (I'm not posting the IP here) followed by hello.jpg, do not click it, it's goatse.

01-15-2004, 06:01 AM	#1 (permalink)
Peetster Right Now Location: Home	Scam Alert: Citibank Claim: Citibank is sending out notices asking customers to log in and verify their accounts. Status: False. Example: Origins: Yet another redirection scam (also known as "phishing") intended to deceive recipients into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. Citibank customers were the target of at least two similar scams in 2003. In this case the fraudulent message appears to be coming from Citibank itself, falsely announces that Citibank has had to "block some accounts connected with money laundering, credit card fraud, terrorism and check fraud activity," and urges recipients to log in using the provided link and "check their checking and savings accounts" to verify that the accounts are still active and the current balances are correct. However, the page the user is taken to after clicking the link does not reside on Citibank's site; it's a phony page hosted on a Korean web site and camouflaged to look like a real Citibank page. After the user attempts to log in through the phony page (supplying his ATM or credit card number and PIN in the process), he's presented with an error message proclaiming that the login failed due to a "system overload" and is then redirected to the real Citibank site (thus helping to obscure that he supplied sensitive account information to a non-Citibank site). Scams that trick the trusting into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by asking them for it. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service by telephone and ask them about the e-mail (or go directly to their web site — don't follow links provided in e-mail messages.) (Citibank also maintains an on-line form for reporting suspicious e-mails.) The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner. source: Snopes

01-15-2004, 07:14 AM	#2 (permalink)
troit Transfer Agent Location: NYC	Way to keep an eye out Peetster -- I'm sure like myself, our members appreciate it... __________________ I've yet to dephile myself...

01-15-2004, 08:08 PM	#3 (permalink)
goddfather40 Llama Location: Cali-for-nye-a	I got this one the other day, spam filter did not filter it. I don't know why I didn't think it was serious, MAYBE THE PURPOSELY HORRID SPELLING???? Geez, people who fall for this one are really, really stupid. __________________ My name is goddfather40 and I approved this message. I got ho's and I got bitches, In C++ I branch with switches -MC Plus+

01-15-2004, 11:03 PM	#4 (permalink)
Akira Crazy	Yeah My dad called me about that he said he wasn't sure if it was a scam or not seeing how it had horrible grammer, i told him to just keep it there but not open it till I knew whether it was or not. Thanks now I should give him a call. __________________ -signature

01-15-2004, 11:24 PM	#5 (permalink)
MSD The sky calls to us ... Super Moderator Location: CT	Any URL containing a "@" that seems dubious, probably is. you'll notice that the URL ends with "@bavnb50fq.Da.ru/?" In most cases, any text up to and including the @ can be ignored. This technique has been used notably in the past to make hoax CNN pages. http://www.cnn.com@209.50.251.11/tfp...threadid=41551 Suddenly, you click a link that looks like CNN, and you're here at TFP. Now what if, instead of linking to TFP, I linked to my personal server with a hoax article made on a CNN template. Email it to a few people, they send it to a few people, it hits teh blogs, and two days later, the whole country "knows" about whatever I want them to know. A piece of advice: if anyone ever sends you a CNN link with a @ redirect to an IP address (I'm not posting the IP here) followed by hello.jpg, do not click it, it's goatse.