View Full Version : Be aware of the Citicorp spoof.



Formula Jr
11-09-2004, 02:12 PM
This little e-mail spam is quite hideous and uses the actual Citicorp site links to look real. Only the sign-on link redirects you to some crooks in North Korea that are phishing your account numbers. The same technique is being used for PayPal and eBay. I dare say, never use any link from an ad you may get in an e-mail.

Marlin275
11-09-2004, 05:35 PM
I got two of these last week and told the FBI,
they said unless you responded they aren't interested.
A key to fake is the links expire in hours so they move on.

Marlin275
11-11-2004, 02:11 PM
Here is a fake CitiBank e-mail
Just got another phony offer.
The specified server could not be found. . .wonder why :biggrin.:


This courtesy notice is to advise you that because of insufficient funds in Account Number ************9049,
we were unable to process your $505.00 recurring transfer to Account Number ************9241 today (Reference number 0110092).

We will attempt to process this transfer four more times until the end of the business day.
If the funds are not available by then or this transfer will be not cancelled penalty fee $10.00 will be applied according TOS.

See, Change or Cancel this Transfer at:
http://www.citibank.com.sci-ds.us\ctrl/nfcbs/client/panel/mode/us/?consumer=gabelerdesign@hotmail.com_t2&lgntype=Direct_Signon

Thank you for banking with Citibank. We appreciate the opportunity to serve you.

Sincerely,
Citibank Online Customer Service :D :biggrin.:

Here is the first fake one they sent me.

Dear valued Citibank member, :rlol:

Due to concerns, for the safety and integrity of the online banking community we have issued the following warning message.

It has come to our attention that your account information needs to be confirmed due to inactive customers, fraud and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension.

Once you have confirmed your account records your internet banking service will not be interrupted and will continue as normal.


Please <http://218.4.196.49/signin/citifi/scripts/login2/index.html>click here to confirm your bank account records.


Thank you for your time,
Citibank Billing Department. :rlol:

Formula Jr
11-11-2004, 03:13 PM
This particular technique of spoofing can apply to ANY e-mail you might get. And that makes it very effective.
For instance, let's say you get a confirmation or promotion from Amtrak or any of the sites you may regularly visit. At the bottom of the e-mail there is a link to what you may think is the home site. And you might think, as I have in the past, why not just click there instead of going back to your browser's bookmarks. But you have no guarantee that the supplied link isn't going to redirect you to a fake website that mimics the real site in all aspects except the payment page. It does this by supplying a direct locator number in the link. In my e-mails the Citi spoof wants to send me to 218.12.29.40 and in the above post to 218.4.196.49. Neither of these is a valid Citicorp site. What is surprising is just how easy this is to do and how the URL parser will ignore everything after the number. All you need is to capture the HTML of the site, and insert your home links and credit card query link using this technique. Any 10-year-old with some knowledge of HTML can do this. :kaioken:
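
Added example (not part of any post in this thread): a small Python check that pulls the links out of an e-mail body and flags the two patterns seen in the messages quoted above, a raw IP address as the host and the bank's name used as the leading labels of someone else's domain. The `TRUSTED` list and the first sample line are assumptions made for illustration; the other two hosts are the ones quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the registrable domains the real sender uses (not from the thread).
TRUSTED = ("citibank.com",)

def link_host(url):
    """Host a browser would contact; browsers treat a backslash as '/' in http URLs."""
    return (urlsplit(url.replace("\\", "/")).hostname or "").lower()

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'ip-literal', 'brand-as-subdomain' or 'untrusted'."""
    host = link_host(url)
    try:
        ipaddress.ip_address(host)
        return "ip-literal"              # e.g. the 218.4.196.49 link
    except ValueError:
        pass                             # not an IP address, keep checking
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted:
        # Trusted name appears as labels inside a host that ends elsewhere.
        if f".{dom}." in f".{host}.":
            return "brand-as-subdomain"
    return "untrusted"

def scan(text):
    """Return (url, verdict) for every http(s) link found in an e-mail body."""
    return [(u, classify(u)) for u in re.findall(r'https?://[^\s<>"]+', text)]

# Hosts in lines 2 and 3 are quoted in the thread (paths shortened);
# line 1 is constructed for contrast.
SAMPLE = r"""
Visit us at http://www.citibank.com/ for details.
Cancel this Transfer at: http://www.citibank.com.sci-ds.us\ctrl/nfcbs/client/
Please <http://218.4.196.49/signin/citifi/scripts/login2/index.html>click here
"""

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE):
        print(f"{verdict:20} {url}")
```

The verdict depends only on the host the browser will actually contact, so a genuine-looking path or a bank name at the front of the hostname does not change it.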