E-emeail fmor Citi-Banck

[old.Osy]

X-Apparently-To: removed@yahoo.com via 216.136.130.96; Mon, 12 Jan 2004 13:08:01 -0800
Return-Path: <thu@citibank.com>
Received: from 62.219.131.78 (HELO bzq-131-78.red.bezeqint.net) (62.219.131.78) by mta457.mail.yahoo.com with SMTP; Mon, 12 Jan 2004 13:08:00 -0800
Received: from citibank.com (mail2.citigroup.com [192.193.226.98]) by bzq-131-78.red.bezeqint.net (Postfix) with ESMTP id D95346F297 for <removed@yahoo.com>; Mon, 12 Jan 2004 16:05:35 -0500
Reply-to: CITIBANK <tamal@citicard.com>
Message-ID: <011101c3d94f$1ce38675$ebd9a508@citibank.com>
From: "CITIBANK" <thu@citibank.com> Add to Address Book
To: "removed" <removed@yahoo.com>
Subject: CITI-ONLINE E-mail Veerification - removed@yahoo.com
Date: Mon, 12 Jan 2004 16:05:35 -0500
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-Virus-Scanned: by Ameriserv.net Anti-Virus E-Gateway
Content-Length: 678




Dear Citi-Bank User,

This e-mail was sentt by the Citi-Card serevr to veerify your e-mail
address. You must cmopelte this pcsroes by clicking on the link
below and enttering in the smal window your Citi ATM
card number and PiN that you use on local Atm.
This is donne for your pecotrtion -4- becaurse some of our membres no
lgeonr have accses to their email adesdsers and we must verify it.

To veerify your e-mail adress and akcess your Citi-Card account, klick on
the link below. If nothing hapepns when you klick on the link -m copy
and passte the link into the addres bar of your window.



http://www.citibank.com/?tieWvJTrAWOffjT2XvJGWdbTaKQK5CXzWbvqWeUxaJMo4Hr1cc

---------------------------------------------
Thank you for using Online-Citibank!
---------------------------------------------

This autotmaic email sent to: removed@yahoo.com
Do not rpely to this email.

T9pUQBGIlKljjtvOJr3E

-----------

Found this extremely amusing *Cooks up a witty reply*

 

[Cyradix]

The english is really that bad in the email?

 

[old.Osy]

The e-mail is genuine, aswell as the message source Had me gigglin' for a good 20 minutes here

edit: Anyway, the english is not the main point. This is a scam-mail, used by various people to obtain sensitive info. The least they could do is type in proper english

 

[Job]

Got that one last night, very good clone of the proper signing in page,they have just replaced username/password with cardno/pin code.
Might well catch out a few people.

How they got to use Citbanks url I don't know, must be some sort of alias on top of a hidden one.
Surely they can be traced with ease.

 

[Cyfr]

Some haxed IE thing I think.

 

[Archeon]

You'd think if they could spend all that time making a clone website they could atleast spare 5mins to run the email through the ol' spell checker

 

[Chilly]

Russians, i ask you?

 

[Job]

IT's a hole in IE, that allows them to copy the url, IE can't display some chars on the address box, so they put these into their web address which contains citibank.com in the middle of it and IE nicely displays just 'citibank.com', Microshite have known about it for a month and have yet to produce a fix.
Loads of big sites have been targetted this way, one Microshite spokesman actually suggested people never follow links on the net, but always type the url in themselves...no shit!

 

[the_hermit]

Halifax Building Society were hacked a month or two back... All their online banking stuff was off, and people kept getting mails from "them" telling you to enter your back details, card number, pin. Same as Lloyds I believe - and they looked like the real deal - AND the English had been spellchecked.

Deffo caught a lot of people out too I believe... Of course, I was impressed with the Lloyds one - I don't use them, never have. Oh, and the Halifax one was sent to the wrong account. And even then, I don't do bank stuff via email... hehehe