Attn: Security Update!Act Now!

Another Spoof Email and Phishing Scam report by MillerSmiles.co.uk - click this image to go to our home page.

Attn: Security Update!Act Now!
4th August 2004

please forward any scams you've received to spoof@millersmiles.co.uk

Report Summary
Date Reported	4th August 2004
Apparent Sender	Citi
Return Address	Citibank Support <citisafe@citibank.com>
Subject	Attn: Security Update!Act Now!
Format	HTML
Method	Submitted form data on spoof webpage is forwarded to a local script.
Bogus Web Content?	Yes
URL of web content	http://222.223.128.32/confirm/ Traced to a server in Peking, China
RISK LEVEL	MEDIUM
WARNINGS	1. The spoof email pretends to be from Citibank requesting verification of account details by clicking on a link. Link opens spoof Citi page where submitted details are forwarded to a local script. 2. Citi NEVER send out emails requesting details from users. 3. Real Citi home page is opened by a script in the background to provide an authentic looking backdrop to the fake page. 4. Spoof page claims to use 128-Bit encryption and displays a padlock symbol but no encryption is used.

"Dear Citibank Customer , We recently noticed one or more attempts to log in to your Citibank account from a foreign IP address and we have reasons to believe that there was attempts to compromise it with brute forcing your PIN number"...

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

Dear Citibank Customer ,

We recently noticed one or more attempts to log in to your Citibank
account from a foreign IP address and we have reasons to believe that
there was attempts to compromise it with brute forcing your PIN number.
No successful login was detected and you have full protection by now.
If you recently accessed your account while travelling, the unusual login
attempts may have been initiated by you.

The login attempt was made from:
IP address: 193.07.287.024
ISP Host: cache-824.proxyserver.cis.com

By now, we used many techniques to verify the accuracy of the
information our users provide us when they register on the Site.
However, because user verification on the Internet is difficult, Citibank
cannot and does not confirm each user's purported identity. Thus, we
have established an offline verification system to help you evaluate with
whom you are dealing with. The system is called CitiSafe and it's
the most secure Citibank wallet so far.

If you are the rightful holder of the account, click the link bellow, fill
the form and then submit as we will verify your identity and register you
to CitiSafe free of charge. This way you are fully protected from fraudulent
activity on all the accounts that you have with us.

Click to protect yourself from fraudulent activity!

To make Citibank.com the most secure site, every user will be
registered to CitiSafe.

NOTE! If you choose to ignore our request, you leave us no choice but to
temporally suspend your account.

* Please do not respond to this e-mail, as your reply will not be received.

Regards, Citibank Customer Support

The Spoof Webpage...


Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services... Email Alerts Add your email address to our email alert service... Subscribe Privacy Policy RSS News Feed Tap into our Scam Alert service using your News Reader or Aggregator (including My Yahoo!). Scam Alert News Feed You can even put the latest alerts on your own web site.

Library of Spoof Email Phishing Scams Brief guide to Phishing Full article on spoof email scams Spoof URL Checker Link Checker Browser URL Spoofing Vulnerability Check Latest browser bug aids Phishing Scams - beware!

Click the arrow to return to previous page Home Guides... Book Terminology How to identify a first edition book Auction Watcher List of the main Auction Sites world wide
<table border='0' cellpadding='0' cellspacing='0' width='120' height='243'> <!--DWLayoutTable--> <tr> <td><a href='http://www.amazon.co.uk/exec/obidos/redirect-home/millersmile09-21' target=_top ><img src="http://images-eu.amazon.com/images/G/02/associates/recommends/default_120x243.gif" width=120 height=243 border="0" access=regular></a></td> </tr> <tr> <td height="1"><img src="../spacer.gif" alt="" width="120" height="1"></td> </tr> </table>

Attn: Security Update!Act Now! 4th August 2004

Attn: Security Update!Act Now!
4th August 2004