This type of phishing scam is common as dirt, but this example is particularly lame. First, it includes the sections of CitiBank’s standard notices that would normally include the account holder’s name and the last 4 digits of the account — but they’re blank. Then there are some typos. But the really lame part is that the links at the end (Contact Customer Service, View Our Privacy Statement, Add Us to Your Address Book) point to americanexpress.com
Sender: CitiBank@email.citibank.com
Subject: CitiBank Account Alert
Text:
CitiBank Account Alert – Personal Security Update
Dear Citi Bank member,
To protect your account(s), we need you to re-authenticate your account by updating your Personal Se curity Details. For authenticate your identity please click on the following link.
http://online.citi.us/US/JPS/serverstack/action?request_type=75629812604 . (link leads to http://www.ecoles.mc/online.citibank.com/US/JSO/signon/LocaleUsernameSignon.dolocale=en_US.html)
Due to concerns, for the safety and integrity of the Citibank account we have issued this warning message. It has come to our attention that your Citibank account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. .
Thank you for your Cardmembership.
Sincerely,
CitiBank Customer Care
Contact Customer Service (link leads to http://www.americanexpress.com/Tracking?mid=CASEUPSW0001005C96900389B51EA03A&msrc=MYCA&url=https://www.americanexpress.com/messagecenter)
View Our Privacy Statement (link leads to http://www.americanexpress.com/Tracking?mid=CASEUPSW0001005C96900389B51EA03A&msrc=MYCA&url=http://www.americanexpress.com/privacy)
Add Us to Your Address Book (link leads to http://www.americanexpress.com/Tracking?mid=CASEUPSW0001005C96900389B51EA03A&msrc=MYCA&url=https://www212.americanexpress.com/dsmlive/dsm/dom/us/addustoyouraddressbook.do?vgnextoid=46c001cc1e65b110VgnVCM100000defaad94RCRD)
Your Cardmember information is included in the upper-right corner to help you recognize this as a customer service e-mail from CitiBank. Using the spam/junk mail function may not block servicing messages from being sent to your email account. .
Copyright 2012 CitiBank. All rights reserved.
CASEUPSW0001005
Here’s what it looks like:
I got a variant of this scam, this time coming from American Express. They changed the logo to AMEX’s but the cardholder name and account are still blank. The hyperlink to authenticate your identity looks like it leads to AMEX if you just glance at it:
http://220.85.124.1/home.americanexpress.com/ And the text is different than the CITI version:
Subject: American Express Alert – Personal Security Key Reset
Sender: AmericanExpress@email.americanexpress.com
Text:
American Express Alert – Personal Security Key Reset
Dear American Express member,
To protect your account(s), we need you to re-authenticate your account by updating your Pers onal Security Key. For authenticate your identity please click on the following link.
http://www.americanexpress.com/myca/form/serverstack/action?request_type=75629812604 . (link actually leads to http://220.85.124.1/home.americanexpress.com/)
As a reminder, your Personal Security Key is not the password associated with your User ID when you log in to http://www.americanexpress.com. You created this unique key when you activated your Card. We will ask for your Personal Security Key when you call American Express to validate your identification and to securely and promptly service your requests. Your Personal Security Key applies to all of your American Express Card accounts where you are the Basic Cardmember.
Thank you for your Cardmembership.
Sincerely,
American Express Customer Care
I got a dozen CITI spams today with subjects like “Account Warning”, “Account Insufficient funds”, “Account Notify”, and “Account Operation Alert”. They used the CITI logo, and had a blue rectangular box in the upper right corner labelled “EMAIL SAFETY AREA” with a lock icon. The notices various refer to problems with savings or checking accounts. Here’s sample text:
Alerting Service
Bill Payment
Savings Account XXXXXXXXX4
Amount Debited: $9,590.02
Date: 12/12/12
Click Here to Abort Detailed information
Bill Payment
Savings Account XXXXXXXXX4
Amount Debited: $.39
Date: 12/12/12
Log In to Overview Details
ABOUT THIS MESSAGE
Please do not reply to this message. auto-notification system not configured to accept incoming messages.