Citibank

Status:   False.

Example:   [Collected on the Internet, 2003]

Origins:   Yet

again a redirection scam has hit the Internet in the guise of messages appearing to come from a well-known financial entity; in this case the wolf is disguised in the clothing of Citibank.

Just like scams perpetrated earlier this year using PayPal and various Internet service providers as camouflage, this one involves messages which appear to be coming from Citibank itself. In this case the fraudulent message falsely announces that Citibank has changed the Terms & Conditions of its checking accounts and informs the recipient that he must follow a hyperlink to indicate his acceptance of these new conditions or his account will be suspended. In a classic case of redirection scamming, however, the page the user is taken to after clicking the link does not reside on the real Citibank site; it's a phony page camouflaged to look like a real Citibank page and hosted on the web site of Nanhua Futures Trading Co. of Zhejiang, China. (Since the redirection URL is an IP address rather than a domain name, the ruse isn't obvious.) The faux Citibank page records the visitor's e-mail address and asks him to enter the first four digits of his
Citibank® Banking Card number and his full name, then hides the ruse by bouncing him back to the real Citibank's terms and conditions page.

According to the warning Citibank has posted on their web site:

Citibank is working with law enforcement to aggressively investigate a fraudulent email that has recently been sent as spam to numerous email addresses. Although the email appears to come from Citibank regarding "Your Checking Account at Citibank," it does not, and Citibank is in no way involved in the distribution of this email. The email tells recipients that their Citibank Checking Account will be suspended unless they accept new Terms and Conditions and directs them to a site that appears to be Citibank's. The fradulent site requests the customers' name and the first 4 digits of their ATM card number.

Citibank urges recipients of this email to delete it immediately. Citibank does not ask customers to provide sensitive information in this way. Customers who receive suspicious email purporting to be from Citibank are encouraged to report it to customer service at the number listed on their ATM card. Citibank's systems have not been compromised in any way.

In August 2003 the scammers tried again, this time sending out phony "You've received money transfer" Citibank notices which require the user to enter personal information in order to "prove you are our customer":

Dear Customer C2it.com service would like to inform you, that you received money transfer from Andreas (andreas666@earthlink.net). Amount is $217. In order to receive that amount from c2it.com you have to register your ATM card to prove you are our customer. Your e-mail is not registred with us, you need to setup account with us and verify your identity. Please fill this form to be enrolled to c2it.com service. Once you register, the money will appear in your c2it's account balance in your overview page. You can withraw the outstanding balance to your credit or debt card's bank account. There's a world ofreasons to use c2it service. • Send money from your computer to over 100 countries for a low flat fee. • Transfer money to a bank account overseas or send a check to family back home. It's easy. It's secure.It's from Citibank. • c2it service is convenient. And it's secure -- because c2it is backed by Citibank. • We've improved our foreign exchange rates, so now is a great time to send money overseas. Information About Yourself Email Address Password Card Holder Full Name Card Number Card Expiration Month 01 02 03 04 05 06 07 08 09 10 11 12  /  Year 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 CVV2 (3 or 4 Digit Code After Card # on Back of Card) ATM PIN (For Bank Verification) © 2003 Citibank, FSB. Member FDIC.