Phishing & BotNets
Fwd: Citibank e-mail looks phishy Nov 13 2006 12:05AM
Saqib Ali (docbook xml gmail com)
---------- Forwarded message ----------
From: Cid Carlos <Carlos.Cid (at) rhul.ac (dot) uk [email concealed]>
Date: Nov 12, 2006 5:00 AM
Subject: Citibank e-mail looks phishy
To: cryptography (at) metzdowd (dot) com [email concealed]

Citibank e-mail looks phishy

http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=339272126-

130061744t-110000005c

"A seemingly innocent e-mail from Citibank Australia introducing a new
online banking process has been mistaken for a phishing attack.
The e-mail was sent last month and described a new sign-on procedure
that promised to be "even more secure". As part of a security upgrade,
customers were asked to update their log-in credentials. The message
also asked recipients to log on to the bank's Web site and authenticate
themselves by entering their Citicard or credit card number, and ATM PIN
(!!).
The bank has a strict policy to safeguard customers from such scams. Its
online security section says: "Customers should understand that Citibank
will never send e-mails to customers to verify personal and/or account
information... It is important you disregard and report e-mails which...
request any customer information - including your ATM PIN or account
details."
A spokesperson for Citibank was surprised that the e-mail was confused
for a possible scam and denied the bank had contradicted its security
statements. "These are all online banking customers and are used to
receiving e-mails from us. I don't believe we have contradicted
ourselves ... there is only a link to the privacy policy and we always
tell people to type in the URL". Citibank's technical and fraud
departments will investigate the situation."

saqib
http://www.full-disk-encryption.net

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus