A lengthy email entitled Protecting Yourself From Internet Fraud is a forgery and part of a phishing scam...

A snapshot of the Spoof Email ...

This is the full text of the email...

Financial institutions around the world have always been subject to attempts by criminals to try and defraud money from them and their customers. These attempts can occur in a number of ways (eg credit card fraud, telephone banking or Internet scams).

As a part of our ongoing commitment to provide the "Best Possible" service to all our Members, we are now requiring each Member to validate their accounts once per month.

To validate your personal CITI online banking account follow the link below:

http://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/&M=S&US&_u=visitor

These security measures are necessary to protect the integrity of your account. We apologize for any inconvenience this may cause you now, we know that in the long run this added security measure will help to keep your accounts protected at all times.

Two examples of common Internet scams include:

• Attempting to steal a customer's login details by sending out emails which appear to be from a financial institution, and requesting personal details (eg Customer number and password)
• Creating a website, which looks similar to a financial institution's, but acts as a 'ghost website' capturing customer details and using them to transact on the customer's account

CITI views all matters of security as serious. Following are a number of quick and easy methods to help you protect your details online.

• Check you are connected to a legitimate CITI website
• Check your email has come from CITI
• Protect your financial records
• Protect your computer
• Keep your password safe
• Guard your privacy

Check you are connected to a legitimate CITI website
It is important for you to be certain that your browser has connected to the real CITI Internet Banking site.

Every time you connect to Internet Banking, the service sends your browser a piece of information called a 'digital certificate'. This certificate securely identifies the site you are connecting to, and is used to establish the encrypted session. You can view the contents of the certificate when you are connected. For Microsoft Internet Explorer 5.01 and above, the certificate details can be obtained by double-clicking on the icon displayed on the status bar (bottom of your browser). For Netscape Communicator 4.77, click on the icon on the status bar and click the 'Page Info' button.
This certificate has been 'digitally signed' by Verisign, the most recognised issuer of digital certificates in the world. Most browser software is written to automatically recognise any certificate 'signed' by Verisign.
Make sure you check the fields of the certificate. The 'Issuer' field should contain a reference to Verisign. The 'Subject' field should always show the organisation as CITI Banking Corporation.

Each certificate also has a 'digital fingerprint' which is essentially a string of numbers. Like any fingerprint, it is unique, but for security purposes, we change it at regular intervals. You can verify the fingerprint by contacting the CITI Internet helpline on 1300 655 505.

If you have any concerns about the authenticity of our website contact us on 1300 655 505.


Check your email has come from CITI
It is important that you only act upon instructions and advice from legitimate CITI emails. Some criminals have access to certain technologies that allow them to send emails, which appear to be from CITI, but are in fact from the fraudsters.

You should be aware that all legitimate CITI emails use the same style, layout, terminology and language. You should also be aware of the following actions you can take to ensure your security:

• CITI will never ask for your personal or login details by email
• Under no circumstances should you send your personal details by return email
• All CITI emails will have a reference or link to security information
• Delete junk emails and don't open email attachments from strangers as they could contain malicious viruses
• Familiarise yourself with the appearance of our emails. Always keep a copy of a legitimate email to compare against any suspicious looking emails
• The language and text used will be professional, and use correct terminology and grammar

Please remember to always contact CITI on 1300 655 505 if you have any concerns about the authenticity of an email, or if you have received a suspicious looking email.

Protect your financial records

• Always keep your tax records and other financial documents in a secure place
• When throwing out documents make sure your tax file number is not visible
• Don't disclose your account information over the phone unless you made the call yourself
• Request your personal information be deleted from marketing databases
• Be wary of emails/websites which ask you to provide your personal or account information - they may be from a fake company
• Keep photocopies of your records and contact numbers of your financial institution in a secure place, so you can contact them immediately if you suspect fraud or theft
• Ensure you check your bank statements for any transactions you didn't make

rotect your computer

• Install appropriate anti virus software on your computer, and keep it updated
• Update the anti-virus and firewall products with security patches or newer versions on a regular basis
• Always sign out of Internet Banking and close the browser window
• Be careful when using a public or shared computer (eg in an Internet cafe) and always ensure you log off and close your browser window

Protect your PC from viruses and other malicious software.

Keep your password safe

• Don't use your Internet Banking password for other services (eg video account, hotmail password, mobile phone service)
• Change your passwords regularly and never write them down

Guard your privacy

• Ask what the privacy policy is for the companies you provide your personal/bank details to, and find out how they handle such information
• Ensure these companies protect your privacy by collecting only what is necessary, and use this information only for reasons they disclose, ie they do not sell your personal details to marketing companies

If you suspect any misuse of your personal information, contact your financial institution immediately.

NOTE: If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.