Fact Check


Published Feb 24, 2008


Urban Legends Reference Pages: Inboxer Rebellion (Citibank)

Claim:   Citibank is sending out checking account suspension notices and asking customers to verify their acceptance of new terms and conditions.

Status:   False.

Example:   [Collected on the Internet, 2003]

Your Checking Account at Citibank

We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it.

Please, carefully read all the parts of our new Terms & Conditions and post your consent. Otherwise, we will have to suspend your Citibank checking account.

This measure is to prevent misunderstanding between us and our valued customers.

We are sorry for any inconvinience it may cause.

Click here to access our Terms & Conditions page and not allow your Citibank checking account suspension.

Origins:   Yet

again a redirection scam has hit the Internet in the guise of messages appearing to come from a well-known financial entity; in this case the wolf is disguised in the clothing of Citibank.

Just like scams perpetrated earlier this year using PayPal and various Internet service providers as camouflage, this one involves messages which appear to be coming from Citibank itself. In this case the fraudulent message falsely announces that Citibank has changed the Terms & Conditions of its checking accounts and informs the recipient that he must follow a hyperlink to indicate his acceptance of these new conditions or his account will be suspended. In a classic case of redirection scamming, however, the page the user is taken to after clicking the link does not reside on the real Citibank site; it's a phony page camouflaged to look like a real Citibank page and hosted on the web site of Nanhua Futures Trading Co. of Zhejiang, China. (Since the redirection URL is an IP address rather than a domain name, the ruse isn't obvious.) The faux Citibank page records the visitor's e-mail address and asks him to enter the first four digits of his
Citibank® Banking Card number and his full name, then hides the ruse by bouncing him back to the real Citibank's terms and conditions page.

According to the warning Citibank has posted on their web site:

Citibank is working with law enforcement to aggressively investigate a fraudulent email that has recently been sent as spam to numerous email addresses. Although the email appears to come from Citibank regarding "Your Checking Account at Citibank," it does not, and Citibank is in no way involved in the distribution of this email. The email tells recipients that their Citibank Checking Account will be suspended unless they accept new Terms and Conditions and directs them to a site that appears to be Citibank's. The fradulent site requests the customers' name and the first 4 digits of their ATM card number.

Citibank urges recipients of this email to delete it immediately. Citibank does not ask customers to provide sensitive information in this way. Customers who receive suspicious email purporting to be from Citibank are encouraged to report it to customer service at the number listed on their ATM card. Citibank's systems have not been compromised in any way.

In August 2003 the scammers tried again, this time sending out phony "You've received money transfer" Citibank notices which require the user to enter personal information in order to "prove you are our customer":

welcome to c2it c2it by Citibank

Dear Customer

C2it.com service would like to inform you, that you received money
transfer from Andreas (andreas666@earthlink.net).
Amount is $217. In order to receive that amount from c2it.com you have to
register your ATM card to prove you are our customer.

Your e-mail is not registred with us, you need to setup account with us
and verify your identity. Please fill this form to be enrolled to c2it.com

Once you register, the money will appear in your c2it's account balance
in your overview page. You can withraw the outstanding balance to your
credit or debt card's bank account.

There's a world ofreasons to use c2it

• Send money from your computer to over 100
countries for a low flat fee.

• Transfer money to a bank account overseas or
send a check to family back home.

It's easy. It's secure.It's from

• c2it service is convenient. And it's secure --
because c2it is backed by Citibank.

• We've improved our foreign exchange rates, so
now is a great time to send money overseas.

Information About Yourself

Email Address
Card Holder Full Name
Card Number
Card Expiration  / 
CVV2 (3 or
4 Digit Code After Card # on Back of Card)
Bank Verification)

© 2003 Citibank, FSB. Member FDIC.


Once again, the information entered by gullible recipients is going not to Citibank, but to a site registered to "Hangzhou Silk Road Information Technologies Co., Ltd" in Beijing, China.

Scams that trick the gullible into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service through its web site and ask them about the e-mail.

The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.

Additional information:

    'Phishers' Use Citi Logo to Try to Steal Personal Info   'Phishers' Use Citi Logo to Try to Steal Personal Info   (Associated Press)

Last updated:   31 August 2003

David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags