Claim: Citibank is sending out notices asking customers to log in and verify their accounts.
Example:[Collected on the Internet, 2004]
Origins: The notice reproduced above is yet another redirection scam (also known as "phishing") intended to deceive recipients into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. Citibank customers were the target of at least two similar scams in 2003 (covered on our site here and
In this case the fraudulent message appears to be coming from Citibank itself, falsely announces that Citibank has had to "block some accounts connected with money laundering, credit card fraud, terrorism and check fraud activity," and urges recipients to log in using the provided link and "check their checking and savings accounts" to verify that the accounts are still active and the current balances are correct. However, the page the user is taken to after clicking the link does not reside on Citibank's site; it's a phony page hosted on a Korean web site and camouflaged to look like a real Citibank page. After the user attempts to log in through the phony page (supplying his ATM or credit card number and PIN in the process), he's presented with an error message proclaiming that the login failed due to a "system overload" and is then redirected to the real Citibank site (thus helping to obscure that he supplied sensitive account information to a non-Citibank site).
Scams that trick the trusting into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by asking them for it. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service by telephone and ask them about the e-mail (or go directly to their web site — don't follow links provided in e-mail messages.)
The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.