Sign up for the Security newsletter

New Citibank email scam spreads

"You have received a money transfer"…really?

By Andy McCue on 1 September 2003 16:14

NEWS A new spoofed Citibank spam email is doing the rounds in an attempt to part unwitting victims from their credit card details, PIN number and email account details. Citibank warned customers last month about a spam email scam that informed recipients their Citibank account would be suspended unless they accepted new terms and conditions. A link in the email directed them to a fake, but convincing, Citibank website that requested the customer's name and bank card details. Citibank took the unusual step of issuing a statement to all its customers saying: "Although the e-mail appears to come from Citibank regarding 'Your Checking Account at Citibank,' it does not, and Citibank is in no way involved in the distribution of this e-mail." But one silicon.com reader, Remo Cornali from Italy, has forwarded on a new fraudulent Citibank scam, which has begun to spread over the weekend. It uses a new twist on the traditional 'phishing' technique of spamming thousands of users with a scam email that links people to a fake banking website to steal their personal and financial details. Instead, it says the person has received a payment of $217 via Citibank's online wire service, c2it.com. One giveaway that all might not be as it seems, however, is the appalling spelling and grammar. The email seen by silicon.com said: "Your email is not registred [sic] with us, you need to setup [an] account with us and verify your identity. Please fill this form to be enrolled to c2it.com service. Once you register, the money will appear in your c2it's account balance in your overview page. You can withraw [sic] the outstanding balance to your credit or debt [sic] card's bank account." As ever, there is a twist, and anyone foolish enough to enter their details can probably expect their card to cleaned out fairly swiftly and their email account used for further scams. Cornali said the server set up to collect the financial details is in South Korea. Chris McNab, technical director of security consultancy Matta, said spoofing is easy because of the inherent insecurity of messaging and internet protocols and that user education and the use of spam filters are the only ways to combat this type of scam. "The only way to mitigate that risk is to teach users to be more vigilant. You should never be asked for credit card details by email. And I'm pretty sure a good spam filter would stop many of these messages," he said. A spokeswoman for Citigroup said the company is working with law enforcement to investigate the email fraud and have the fake site shut down, and warned customers not to be fooled into giving out their account details. "Citibank does not ask customers to provide sensitive details in this way. We believe no customer information or systems have been compromised," she said.

Comments

There are 15 comments. Join the discussion

  1. 1. Marcia A. Fayard

    I received one of these e-mails on 1/12/2004. I really think that something should be done immediately to stop banking fraud on line because people will be even more scarry to use their on line banking and purchasing of goods online. I think it would be in every best interest to find these people ASAP and prosecute them.

    • 13 January 2004 14:37
    • Add comment

  2. 2. anonymous

    ebay seems to be the object of persecution for this c2it scam. I filled in scam info to trace the ebay file. it lead me to this service which has been disconnected. Well alls well that ends well.

    • 15 January 2004 10:29
    • Add comment

  3. 3. cecil brown

    I recieved one too a couple of weeks ago. I was suspecious so, I sent them a fake account number. Now when I go to the link. It a some type of link to a russian web site.

    • 26 January 2004 21:23
    • Add comment

  4. 4. 419buster

    If you believe that no one would fall for this, think again. Another scam, the Nigerian Advanced fee Fraud Scam, noted as 4-1-9 by the applicable Nigerian law, had bilked over $5 billion by 1996. Lord knows what the total is up to now. P.T. Barnum was right.

    Normally logical people that would raise eyebrows when hearing this stuff in real life seem to believe ANYTHING when read on the net.

    • 13 April 2004 14:49
    • Add comment

  5. 5. Robert Ballantyne

    recieved this email today
    To Vverification_of _your_ Email adderss_ click on the-link :

    http://go.msn.com/HML/6/5.asp?target=H%54%54P:%2F/slhk5dsdh%2E%44%41%2E%72%75%2f?n2775bp43ESpn08THainQ3Dsdto4pl39d

    and enter on the |itt|e _window _your_ _Citibank D_e_b_i_t_ full card-nummber
    and ~PIN~
    that _you use on_the Atm machine...

    N2i6av2q51 3bdw92a3 21av4nv 8xv0m b 6rc20xg0p97z a0bX3wd

    from _CITI_G r o u p s_Email <SelcukNorndon@ecall.com>

    • 24 April 2004 07:59
    • Add comment

  6. 6. anonymous

    I'm not a citibank client, but I have now received 3 emails (the latest today), purporting to come from their admin dept, stating that they are in the process of updating their accounts system and need to verify customers' personal details. They request user names, passwords, credit card details, security numbers and all other relevant information to enable them to clean out the accounts.

    • 25 April 2004 00:57
    • Add comment

  7. 7. anonymous

    Received one today asking for credit card number and pin number.

    5th May 2004

    • 5 May 2004 16:32
    • Add comment

  8. 8. Dr. Arcane

    I've been getting around two or three of these type of emails every week for months. They seem to be targetted at all banks and credit card companies as well as eBay and PayPal. They also seem to be from different 'gangs' as the quality of the email varies as does the spelling and grammar. Some are clearly frauds but a few are very convincing and it is easy to see how some of the more naive recipients can be fooled.

    • 6 May 2004 10:03
    • Add comment

  9. 9. anonymous

    Just received one today stating that this was sent by citbank server. They ask to click on a link and enter your debitcard & pin# that you use on ATM. They can't even spell.

    • 13 May 2004 05:05
    • Add comment

  10. 10. anonymous

    As a potential new customer, still awaiting the necessary paperwork to sign, I find it hard to believe that my application has found it's way to a spam site before I've even been accepted as a customer. This has all the stink of there being a cavernous hole in this company's security and computer system.

    • 18 May 2004 19:33
    • Add comment

  11. 11. anonymous

    This sort of email scam is still floating around, I have received one today. It does seem very convincing as the website it directs you to is citibank.com/signing/scripts etc..

    • 3 August 2004 09:00
    • Add comment

  12. 12. anonymous

    I have received one of these emails and am not a Citibank customer. True, I have used my credit card to withdraw cash from my own bank at a cash machine "hosted" by Citibank. That means that the spammer has penetrated sufficiently deep into the technical links between the two banks to find my email address!

    • 8 August 2004 10:49
    • Add comment

  13. 13. anonymous

    I received one on 28 August 2004, but it is a bit different from what you describe. I'll keep it for a while in case you would like a copy. The recent upgrades to Norton Anti Spam causes email systems to crash so I had to switch it off, and now get masses of spam.

    • 28 August 2004 08:18
    • Add comment

  14. 14. anonymous

    I am not a CitiBank customer but I have received two emails asking to update my details. I have not been to the site so I am unsure of what they ask exactly.

    • 2 September 2004 08:20
    • Add comment

  15. 15. anonymous

    I have received one of the "citibank" emails asking for my details today 14th October 2004, regardless of the fact that I do not have a citibank account.

    It asks for my account number, date of birth and pin number!

    • 14 October 2004 22:04
    • Add comment

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters