Claim: Citibank is sending out checking account suspension notices and asking customers to verify their acceptance of new terms and conditions. Your Checking Account at Citibank We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it. Please, carefully read all the parts of our new Terms & Conditions and post your consent. Otherwise, we will have to suspend your Citibank checking account. This measure is to prevent misunderstanding between us and our valued customers. We are sorry for any inconvinience it may cause. Origins: Yet again a redirection scam has hit the Internet in the guise of messages appearing to come from a well-known financial entity; in this case the wolf is disguised in the clothing of Citibank. Just like scams perpetrated earlier this year using PayPal and various Internet service providers as camouflage, this one involves messages which appear to be coming from Citibank itself. In this case the fraudulent message falsely announces that Citibank has changed the Terms & Conditions of its checking accounts and informs the recipient that he must follow a hyperlink to indicate his acceptance of these new conditions or his account will be suspended. In a classic case of redirection scamming, however, the page the user is taken to after clicking the link does not reside on the real Citibank site; it's a phony page camouflaged to look like a real Citibank page and hosted on the web site of Nanhua Futures Trading Co. of Zhejiang, China. (Since the redirection URL is an IP address rather than a domain name, the ruse isn't obvious.) The faux Citibank page records the visitor's e-mail address and asks him to enter the first four digits of his According to the warning Citibank has posted on their web site:
In August 2003 the scammers tried again, this time sending out phony "You've received money transfer" Citibank notices which require the user to enter personal information in order to "prove you are our customer":
|
Once again, the information entered by gullible recipients is going not to Citibank, but to a site registered to "Hangzhou Silk Road Information Technologies Co., Ltd" in Beijing, China.
Scams that trick the gullible into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an
The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an
![]() | |
Last updated: 31 August 2003