Citibank Scammers Never Sleep
One of our readers recently forwarded us the e-mail below along with this note:
Received this email. Don't have and never have had any account with CitBank. Didn't know if it was actually from CitiBank trying to get customers or a scam to get account information.
From: CitiBank
To: XXXXXX@aol.com
Sent: Friday, February 13, 2009 3:01 PM
Subject: [Alert] : Update Your Account Information
Dear Customer
We urgently need you to update your online banking security details by following the link below. This is due to a security patch that will stop fraudsters logging into your account.
CitiBank Update Page
Thanks for your co-operation.
Fraud Prevention Unit
Legal Advisor
© 2009 Citibank & Co.
Our reader's second guess was correct. This is a phishing scam masquerading as an official e-mail from Citibank.
Despite the realistic looking logo, the hyperlink is a dead giveaway, and as Citi itself warns, never click on a link in a suspicious e-mail. For that matter, you should never click on an embedded link in any e-mail, since they can easily lead elsewhere.
Case in point. While the link says it will take you the "CitiBank Update Page," we discovered the link redirects you to a site in Krakow, Poland--one flagged by Firefox as a known source of identity theft malware.
"This web site at www.slogan.krakow.pl has been reported as a web forgery and has been blocked based on your security preferences. Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust. Entering any information on this web page may result in identity theft or other fraud."
Also, there is no "Fraud Prevention Unit" at Citibank, whose official name is Citigroup Inc., not "Citibank & Co."
If you get one of these e-mails, forward it to Citibank: emailspoof@citigroup.com
You should also forward it to the FTC: spam@uce.gov