More NewsBogus E-mail Targets Citibank Customers

Bogus E-mail Targets Citibank Customers

The latest variation on the 'phishing' fraud alert scam warned that the recipient's checking account could be suspended. Its muddy language makes it easier to spot.

On Sunday, a piece of email purporting to be from Citibank was released into the spam-o-sphere. It notified the recipient that he or she needed to visit the corporate Web site and agree to new policies.

While Citibank has been criticized for lacking a standard naming convention for its URLs, the latest grift doesn’t exploit the bank’s vagaries of usage. It simply asks the recipient, as a Citibank customer, to click on a URL that begins with “www.citibank.com” to read and agree to the bank’s new Terms & Conditions.

The missive is weirdly worded however, saying, “Click here to access our Terms & Conditions page and not allow your Citibank checking account suspension.”

While one link within the email went to the real Citibank’s privacy policy page, the link that supposedly led to the new terms and conditions page actually directed users to a crooked site, where they might be asked to reveal personal information in a practice known as phishing. By Monday morning, the link no longer worked.

In May, Citibank was the victim of a similar con, when a fraudulent email targeted users of its c2it money transfer service, asking them to submit personal information via a form within the email.

A statement emailed by a Citibank spokesperson to internetnews.com said both Citibank customers and non-customers had been falsely targeted.

“Citibank is working with law enforcement to aggressively investigate a fraudulent email that has recently been sent as spam to numerous email addresses,” the spokesperson said. “The spoof site did not ask for social security numbers; it asked for the first four digits of the customer’s ATM card and their name. Obviously, that information does not divulge the customer account number, nor the full ATM card number and is less sensitive than a Social Security Number.”

However, the spokesperson had no information about how or whether it intended to alert its customers. Citibank’s Web site has a link to its SafeWeb policy protecting customers from losses due to unauthorized transfers or withdrawals — as long as the customer notifies Citibank within two business days.

On August 12, federal bank and thrift regulatory agencies issued proposed guidelines to require financial institutions to develop programs to respond to incidents of unauthorized access to customer information. In June, U.S. Sen. Dianne Feinstein introduced The Notification of Risk to Personal Data Act, which would require businesses or government agencies to notify individuals if a database has been broken into and personal data has been compromised. Neither would mandate warning customers of third-party attempts to get sensitive info directly from individuals.

Meantime, Citibank checking customers will have to keep an eye out for the bogus email.

Related Articles

GDPR: The role of technology in data compliance

Data & Analytics GDPR: The role of technology in data compliance

3w Clark Boyd
What companies can learn from the We-Vibe lawsuit about the Internet of Things

Legal & Regulatory What companies can learn from the We-Vibe lawsuit about the Internet of Things

8m Al Roberts
Has advertising arrived on Google Home?

Media Has advertising arrived on Google Home?

8m Al Roberts
Is Twitter slowly dying?

More News Is Twitter slowly dying?

9m Al Roberts
FedEx launches fulfillment service to take on Amazon

Ecommerce FedEx launches fulfillment service to take on Amazon

9m Al Roberts
Target is the top retail digital marketer, so why is it struggling?

Ecommerce Target is the top retail digital marketer, so why is it struggling?

8m Al Roberts
YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

More News YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

9m Al Roberts
YouTube is getting rid of 30-second unskippable pre-roll ads

Ad Industry Metrics YouTube is getting rid of 30-second unskippable pre-roll ads

9m Al Roberts