Phishing & BotNets
Fwd: Citibank e-mail looks phishy Nov 13 2006 12:05AM
Saqib Ali (docbook xml gmail com)
---------- Forwarded message ----------
From: Cid Carlos <Carlos.Cid (at) (dot) uk [email concealed]>
Date: Nov 12, 2006 5:00 AM
Subject: Citibank e-mail looks phishy
To: cryptography (at) metzdowd (dot) com [email concealed]

Citibank e-mail looks phishy


"A seemingly innocent e-mail from Citibank Australia introducing a new
online banking process has been mistaken for a phishing attack.
The e-mail was sent last month and described a new sign-on procedure
that promised to be "even more secure". As part of a security upgrade,
customers were asked to update their log-in credentials. The message
also asked recipients to log on to the bank's Web site and authenticate
themselves by entering their Citicard or credit card number, and ATM PIN
The bank has a strict policy to safeguard customers from such scams. Its
online security section says: "Customers should understand that Citibank
will never send e-mails to customers to verify personal and/or account
information... It is important you disregard and report e-mails which...
request any customer information - including your ATM PIN or account
A spokesperson for Citibank was surprised that the e-mail was confused
for a possible scam and denied the bank had contradicted its security
statements. "These are all online banking customers and are used to
receiving e-mails from us. I don't believe we have contradicted
ourselves ... there is only a link to the privacy policy and we always
tell people to type in the URL". Citibank's technical and fraud
departments will investigate the situation."


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus