*ALERT* credit card scam alert !!!!!

[jimmyhaha]

sorry for posting this in Hot Deal, but I know a lot of u only read HD forums.

Click me

- Must disable browser pop-up
- too bad the email has so many spelling errors u won't be fool (they should at least use a spell-checker, I believe the email is target non-English speaking customer)
- but they are really good (notice they use the actual real site, thus real url but add their own pop up, spiffy)

Update: Version with no spelling errors, see citibank alert for details.

http://www.citi.com/domain/spoof/email_alert.htm?s=111803

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Explanation: http://www.citibank.com:check-Orquaemy1ODNN6ituftj@ndieu9fd.da.RU/?TnO2iGhnT5Vyxm2

Any thing before the @ sign is garbage. u are redirect to a url in Russia. :Q

------------------------------------------------------------------------------------------------------------------------------------------------

X-Message-Info: JGTYoYF78jGxQKj6iAaoSrCksg3MtrlR
Received: from evafan.com ([4.8.240.172]) by mc11-f16.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713);
Wed, 10 Dec 2003 05:22:11 -0800
Received: from citibank.com (mail4.ssmb.com [199.67.139.129])
by evafan.com (Postfix) with ESMTP id 8D899D0B7B
for <xxxxxxxxxx.com>; Wed, 10 Dec 2003 08:21:52 -0500
Message-ID: <6.0.0.22.1.20031210082152.06da6d15@citibank.com>
X-Sender: sensuous@mail4.ssmb.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Reply-To: CitibankOnline <CitibankOnline137@citibank.com>
Date: Wed, 10 Dec 2003 08:21:52 -0500
To: xxxxxxxxxx <xxxxxxxxxx@msn.com>
From: CITIBANK <CITIBANK13@citibank.com>
Subject: Citionline EMAIL Verification - xxxxxxxxxx@msn.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-milter at evafan.com
Return-Path: CITIBANK13@citibank.com
X-OriginalArrivalTime: 10 Dec 2003 13:22:23.0359 (UTC) FILETIME=[A58918F0:01C3BF20]

Dear CitibankOnline User,



This letter was sent by the Citicard serevr to veerify your email

address. You must cpelotme this posercs by clicking on the link

below and enteering in the smmall window your Citibank Debit

full card nummber and Card Pin that you use on local Atm.

This is done for your ptecortion -N- becourse some of our memmbers no

legonr have acescs to their email adrdssees and we must verify it.



To veerify your e-mail addres and access your Citi-bank account, clic on

the link beloow. If ntohing happnes when you klick on the link -w copye

and paste the link into the adderss bar of your window.




<a target="_blank" href="http://www.citibank.com:check-Orquaemy1ODNN6ituftj@ndieu9fd.da.RU/?TnO2iGhnT5Vyxm2">http://www.citibank.com/?TBpgDgUq40Kxu0POTfFJyk2W48RCGfFnQ5EukzVpAGY5GNVo3A</a>




---------------------------------------------

   Thank you for using Citi-Card!

---------------------------------------------



This automaitc email snet to: xxxxxxxxxx.com

Do not reply to this email.



aCWcz0kqD1Htoyn42JEX

 

[hamburglar]

hahahaha, so many spelling errors

 

[mundane]

I'm insulted that they expect people to be fooled by the email, especially with all the errors - and then I'm insulted again when I realize some people are. I usually forward these to the companies - Citi, Paypal, Ebay, in the hopes that somehow they can prevent people from falling for this. If scamming were not effective, these bottom feeders wouldn't try it anymore. But while I'm at it, I might as well dream of world peace and all that jazz. The Internet Makes You Stupid.

 

[Braxus]

Ah... just entered some made up information. Hope they have fun with that one. 😉

 

[carmann]

I rec'd that email 2 days ago and it didn't have those spelling errors.

Anyone with half a brain would know it was a scam as no legit company would ever ask you to enter your cc# and pin to verify anything. If anyone was dumb enough to do it, they deserve to have their cc raped.

 

[CheetahMk2]

Anatomy of a fake URL:

1.) Uses a different text name than the link actually in it. e.g. having a <a href=&quot;http://www.google.com&quot;>http://www.yahoo.com</a>

<a href=&quot;http://www.citibank.com:check-Orquaemy1ODNN6ituftj@ndieu9fd.da.RU/?TnO2iGhnT5Vyxm2&quot;>http://www.citibank.com/?TBpgDgUq40Kxu0POTfFJyk2W48RCGfFnQ5EukzVpAGY5GNVo3A

2.) Some type of password-identifyer; in this casen www.citibank.com

3.) The password: check-Orquaemy1ODNN6ituftj

4.) The ultimate giveaway, the reference that it is a L😛@site login: @ ndieu9fd.da.RU

Always check these things. And, even if the URL on the page is right, all they have to do is have a popup without an address bar. Be careful.

 

[smokedturkey]

I'm insulted by the guy starting this thread, you think people are too stupid to see that is a scam that you need to start a thread about it. Heck, I can't even READ that crap.

 

[jimmyhaha]

I'm insulted by the guy starting this thread

If the email have no spelling error, ppl will fall. btw, which part of the thread insult your intelligence ?

well, at least better than your post with that kind of cr@p

http://forums.anandtech.com/messageview.cfm?catid=40&threadid=1180167

I guess you can kiss my @ss, since I don't have a gazillion posts like some other lamer anandtecher losers

yeah, right.

 

[waitman]

Originally posted by: smokedturkey
I'm insulted by the guy starting this thread, you think people are too stupid to see that is a scam that you need to start a thread about it. Heck, I can't even READ that crap.

No, sadly people do fall for these scams, I recieved one a couple weeks ago with perfect spelling. I forwarded it to citibank. People new to this type of thing might be fooled.

 

[SimMike2]

Originally posted by: waitman

Originally posted by: smokedturkey
I'm insulted by the guy starting this thread, you think people are too stupid to see that is a scam that you need to start a thread about it. Heck, I can't even READ that crap.

No, sadly people do fall for these scams, I recieved one a couple weeks ago with perfect spelling. I forwarded it to citibank. People new to this type of thing might be fooled.

I believe it. Afterall a big minority of the country voted for Bush last election, so intelligence is obviously not some peoples strong suit.

 

[fatkorean]

You think that is bad.. take a look at this...here I posted this on OT and noone really seems to care.
The two main links are this
link 1 Once you click this link, click the link that says Click for the Symantec Home page. When you do this, check your status bar and once clicked, check your address bar. Then right click on the page and goto properties.

And also
https://www.paypal.com Once here, check the address bar and notice the lock on the bottom right. And check the address once again.

-fk

 

[jimmyhaha]

lol, combine IE url vulnerbaility with this and u will have a LOT of ppl fooled, lol..

notice that fake paypal site is SSL enabled (little lock icon), as any one can sign their on SSL cert...

hmm... more ppl will fall for this, not good. 🙁

 

[straubs]

Why do you post this in hot deals? I *know* you are trying to help, but really, does it help if I post a message that says:

Hey, keep your house doors locked!!! It has become known that burglars have been breaking into peoples houses this christmas and stealing their stuff!!

This is not a new thing. These bank scams have been front page news on regular old printed newspapers. I am only surprised since you're a platinum member, so you've no doubt seen many of these and replies such as mine says "why did you post this here?" 😛