An incredibly poor representation of a forged Citibank email but a complex approach to delivering forged content made to look more realistic by involving a genuine Citibank web page ...

This forged Citibank email really is very poor quality just by virtue of its terrible spelling. The link is of-course disguised using HTML code and will lead your browser into a complex 'adventure' where it will visit around 5 different domains before opening two windows ... The first window (largest - see below) opens the genuine citibank.com home page, and the second window comes in the form of what appears to be a pop up triggered by the genuine citibank page. This is not the case though, and the two windows are independent. The only relation they have is that the pages opened prior to them were scripted or coded to open those pages separately.

Our purpose in publishing this particular example is the complex nature of delivering the forged content.

Form data (in the pop up style window) is captured by a PHP script located on the same server as itself.

The Spoof Email ...

To _verificcation_of your _e-mail_ adress click on_the link :

http://ht-brands.aol.com/ams/clickThruRedirect.adp?1,07413,http://%75%62%7
0%63588%67.%43%6a%42.%6E%45%74/?%4e%69%68%72%49%697%
67%4b%78%59%63%546%4f%65%55

and_enter_ in the_ sma|| winddow _your_
Citi_group D_e_b_i_t_ _full_card_nummber_ and card pin
that you_use on_the local Atm machine.

mLA5 VA 43Q3o6

The bogus web page ...

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.