Citibank Email requiring verification of users' email addresses is a scam ...

This spoofed Citibank email (see below) is in text only format and contains a link which you are urged to use to verify your email address.

Using that link will trigger 2 new browser windows, first we will see a genuine citibank.com page, then what appears to be a pop up window will appear in front of that. This is achieved through the use of JavaScript, and its purpose is purely to convince users that they are seeing a genuine pop up window generated by the Citibank page. The pop up window has been crafted to open without the address bar to prevent users from seeing the true URL which would reveal its bogus nature.

The URL used is http://telemaca.fromru.com/welcome3.html which resolves to a Russian web host.

Any information submitted is processed through a script located on the same server as the bogus content.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

DEAR Citicard Card-holders,

ThIs letter was seent by t_he Citbiank server to veerify _your_ E-mail addres.
You must complete this process by clicking on the_ link beelow and enntering
in the smal window your citibank_ Debit full Card nummber and CARD PIN that
_you use on_the local Atm machine. That is _done_ for your protection -V- becourse some of_our members no longer have access to their E_Mail adresses and we must verify it.

http://_my-citicard_ONLINE.org/?2Lr4tX7qRKEqH1knChJrhuCphuMCQOaUBCZ5z6wrQa

To verify your_ E_Mail adderss and accees your_ Citi_Bank account, clic on the_link beloww.

UzbfXNwHgNcTftm26fQ

The bogus web page ...