• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Here phishy phishy phishy...

A

Armitage

Banned
Transcribed from my inbox (the actual message is an image).

From: CITIBANK <antifraud.ref.num2432004563@citibank.com>
To: ************
Date: Mon, 27 Sep 2004 20:37:46 +0300
Subject: CITIBANK: ACCOUNT INVESTIGATION WARNING [Mon, 27 Sep 2004 13:37:46 -0400]

Dear CitiBank Customer,

Recently there have been a large number of identity theft attempts targeting CitiBank customers. In order to safeguard your account, we require that you confirm your banking details.

This process is mandatory, and if not completed withing the nearest time, your account may be subject to temporary suspension.

To securely confirm your Citibank account details please go to:

https://web.da-us.citibank.com...s/login/user_setup.jsp

Thank you for your prompt attention to this matter and thank you for using CitiBank.

Citi Identity Theft Solutions
Do not reply to this email as it is an unmonitored alias.

A member of citigroup
Copyright 2004 Citigroup

comes from HotBot I do ask you. Don't worry Santa Claus Good night! at the far side Well done! Terra ?? ? ??? in 1901 I am Yes, it's me. Ralph Nader No problem. in 1803 in 1834 in 1861 in 1898 NY Yankees Mother's Day in 1855 What can you say? Jobs Rap Lyrics
Click to expand...

Very proffesional looking. The last bit in italics didn't show up until I highlighted the message in an attempt to cut-n-paste ... font color set to the background color, but probably helps it get past the spam filters.

Of course I don't actually have a citibank account, but I can easily see how less savvy users could get sucked into this. I did try the link posted and it comes up with a 404 error, but with links that supposedly direct you to other citbank sites (like logging in to your account). I wonder if it's really broken/shutdown, or if this is still just part of the scam?

Here's the raw html:

From: CITIBANK <antifraud.ref.num2432004563@citibank.com>
To: **********
Date: Mon, 27 Sep 2004 20:37:46 +0300
Subject: CITIBANK: ACCOUNT INVESTIGATION WARNING [Mon, 27 Sep 2004 13:37:46 -0400]

Date: Mon, 27 Sep 2004 20:37:46 +0300
From: CITIBANK <antifraud.ref.num2432004563@citibank.com>
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ***********
Subject: CITIBANK: ACCOUNT INVESTIGATION WARNING [Mon, 27 Sep 2004 13:37:46 -0400]
Content-Type: multipart/related;
boundary="------------080906060409020206090003"
X-UIDL: *l+!!6,_"!Ub#"!!@*!!
Status: RO

This is a multi-part message in MIME format.
--------------080906060409020206090003
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><p><font face="Arial"><A HreF="https://web.da-us.citibank.com...s/login/user_setup.jsp"><map name="FPMap0"><area coords="0, 0, 610, 395" shape="rect" href="http://%36%36%2E%36%33%2E%38%31%2E%31%30%35:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid😛art1.04040904.03090905@supprefnum3@citibank.com" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFF1">comes from HotBot I do ask you. Don't worry Santa Claus Good night! at the far side Well done! Terra ?? ? ??? in 1901 I am Yes, it's me. Ralph Nader No problem. in 1803 in 1834 in 1861 in 1898 NY Yankees Mother's Day in 1855 What can you say? Jobs Rap Lyrics </font></p></html>

--------------080906060409020206090003
Content-Type: image/gif;
name="calvinist.GIF"
Content-Transfer-Encoding: base64
Content-ID: <part1.04040904.03090905@supprefnum3@citibank.com>
Content-Disposition: inline;
filename="calvinist.GIF"

R0lGODlhYwKTAfQ/AAAAAAAAgMDAwMDcwKbK8AAAQOAgQAAggEBAgEBggGBggOBggICAgOCAgICAwKCg
<snip>
J/m+MDuGAAAh/nR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0
b25ycm9hbXR2Y3hkZHNwdWZtYnFycXNrdGpzZGp1bXZmcAA7

--------------080906060409020206090003--
Click to expand...



 
This is what I have been telling my friends who don't understand the technical details: Before you log in anywhere on the internet, put in an obviously fake username and password. If it is accepted, it was a scam site.

Since most of them keep clicking on links that are emailed to them no matter what I tell them, this method keeps reminding them that they aren't smart enough to figure out which are scams ahead of time.
 
Originally posted by: kranky
This is what I have been telling my friends who don't understand the technical details: Before you log in anywhere on the internet, put in an obviously fake username and password. If it is accepted, it was a scam site.

Since most of them keep clicking on links that are emailed to them no matter what I tell them, this method keeps reminding them that they aren't smart enough to figure out which are scams ahead of time.
Click to expand...


That's a good idea I hadn't thought of. I just tell my dad to never follow any link from email for any important service. That he should always load the site from his bookmarks or type in the URL himself.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top