Example: [Collected on the Internet, 2004]
Origins: The notice reproduced above is yet another redirection scam (also known as "phishing") intended to deceive recipients into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. Citibank customers were the target of at least two similar scams in 2003 (covered on our site here and
In this case the fraudulent message appears to be coming from Citibank itself, falsely announces that Citibank has had to "block some accounts connected with money laundering, credit card fraud, terrorism and check fraud activity," and urges recipients to log in using the provided link and "check their checking and savings accounts" to verify that the accounts are still active and the current balances are correct. However, the page the user is taken to after clicking the link does not reside on Citibank's site; it's a phony page hosted on a Korean web site and camouflaged to look like a real Citibank page. After the user attempts to log in through the phony page (supplying his ATM or credit card number and PIN in the process), he's presented with an error message proclaiming that the login failed due to a "system overload" and is then redirected to the real Citibank site (thus helping to obscure that he supplied sensitive account information to a non-Citibank site).
Scams that trick the trusting into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by asking them for it. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an
The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an
Fraudulent E-mail Example (Citibank)
Last updated: 6 January 2008