Phishing

Here is a copy and paste of a mail i just received:

Dear Customer
Due to concerns, for the safety and integrity of your account we have issued this warning message.

It has come to our attention that your account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

Once you have updated your account records your service will not be interrupted and will continue as normal.

To update your records click on the following link:

https://citibank.com/detail.do?BV_UseBVCookie=yes&BS_Id=BankingVerification

Citibank © 2008

We Appologize for any inconvienence !

Thank You.

I know this is spam and phishing because i do not have any account in foreign banks, but could anyone (with sufficient knoweledge), show that the link is a bogus-phishing link?

this is what i got and WOT http://www.mywot.com/ a firefox extension did not display saying it was a bad site ???
probably is a scam :wink:
click on pic to enlarge ::slight_smile:


You can alwaus check these things out at www.snopes.com using the search box. I typed in citibank and got this list …

http://search.atomz.com/search/?sp-q=citibank&getit=Go&sp-a=00062d45-sp00000000&sp-advanced=1&sp-p=all&sp-w-control=1&sp-w=alike&sp-date-range=-1&sp-x=any&sp-c=100&sp-m=1&sp-s=0


Common sense, should tell you, NEVER, divulge personal info,through email.Banks do not request,sensitive data, by email,period.

I know this is spam and phishing because i do not have any account in foreign banks
Even if this was a local bank, it would be bogus. Banks do not ask for information through an email as already stated.

I guess this is scam my firefox 3 told that citibank is using a INVALID certificate and Banks have a encrypted connection Use Firefox :slight_smile:

Never, EVER, give personal information like SSN’s, bank acct numbers, passwords, etc. to another party unless YOU initiated the contact AND you know the institution you’re dealing with. If people followed that advice there would be far fewer phishing scams in this world.

If you’re not sure if the email is a scam or not, most browsers will display the real URL in the bar at the bottom of the window/screen when the mouse is held over the URL given in the email. And if it is a scam, or even if you’re just not sure it’s legit, send it to abuse@$company or whatever else sort of email addy the real company has set up for that sort of thing. They’ll go after the scammers and it won’t be pretty.

Over the last week or so, I’ve gotten several of these supposedly from my own bank, the first I’ve seen since it was created by merger two or three years ago.

Standard response(s) should be:

  1. Phone your bank, who will undoubtedly already have heard about it from other customers. They will confirm that it’s “merely” a phishing expedition. They may also ask you to

  2. Send a copy of the email (with full headers) to them for further investigation, and if possible legal action;

  3. If you can’t be bothered with the above, simply delete the email without any other action. As pointed out above, banks will never contact you for personal info by email, or (usually) even by phone.