Nice Citibank phishing attempt example
October 7, 2008
We intercepted a nice Citibank phishing attempt. The email notifies you that one message is waiting for you in the mail section, so you will need to log in.
Dear Customer,
You have one new message at .Citibank (South Dakota).
INBOX
From: Customer Service
Date: 10/07/2008
Subject: Official service renewal notification.
In order to read the message click here <http://www.***********.com/uploads/z/***/citibank/index.html> to login at Citibank (South Dakota) and access your MAIL section.
This link brings us to the first step in the whole process, the login page. Notice that the page is not served over HTTPS. The whole phishing web site is hosted on a blog server.

After a successful login (with a fake login and password, of course) we are shown a security notification message.

This message explains that our account is temporarily locked for security reasons after login attempts from foreign IP addresses were detected. So, we need to update our account. After clicking Continue we can fill in all our private details, such as our address and, more importantly, our credit card details.

Again, we continue with dummy data and get a response page stating that the submitted details will be verified.

The green button at the end of the page contains a link to an external web site and leads us to a log out confirmation page. This domain appears to be registered by Citibank and uses a secured (HTTPS) connection.

As you can see, it’s that easy to steal your information if you don’t pay any attention at all. Phishing attempts can be detected by following some simple rules:
- never trust the email's From address
- banks do not send you an email asking you to re-activate or confirm your account, even if the email includes their logo and looks legit
- banks also do not ask you to send private and critical data, like your credit card details, over the internet
- always keep an eye on the address in the address bar of your browser
- don’t send any details over unsecured HTTP; always look for HTTPS and make sure your browser is showing an HTTPS security icon in the status bar
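
The URL-related rules above can be applied automatically when triaging a reported email. The following Python code is an added example, not part of the original post: it extracts every link from a message body and flags plain HTTP, hosts outside an allowlist, and the bank's name appearing on a foreign host (as in the `/citibank/index.html` path of the email above). The `TRUSTED_DOMAINS` allowlist is an assumption, and the `.example` hosts in the sample are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the bank really uses; maintain this list yourself.
TRUSTED_DOMAINS = {"citibank.com", "citi.com"}
BRAND_KEYWORDS = ("citibank",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_trusted(host):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_url(url):
    """Return a list of findings for one URL (empty list means no findings)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("no-https")
    if not host_is_trusted(host):
        findings.append("untrusted-host")
        # Bank name in the host or path of a server the bank does not own.
        haystack = (host + parts.path).lower()
        if any(k in haystack for k in BRAND_KEYWORDS):
            findings.append("brand-on-foreign-host")
    return findings


def scan_message(body):
    """Map every URL found in an email body to its findings."""
    return {url: check_url(url) for url in URL_RE.findall(body)}


# Constructed sample; the hosts are placeholders, not the one from the real email.
SAMPLE = """You have one new message at Citibank (South Dakota).
In order to read the message click here
<http://www.blog-host.example/uploads/z/citibank/index.html> to login.
Bank site for comparison: https://www.citibank.com/
Host that only starts with the bank's name: https://citibank.com.account-check.example/login
"""

if __name__ == "__main__":
    for url, findings in scan_message(SAMPLE).items():
        print(url, "->", ", ".join(findings) or "ok")
```

An empty result only means none of these three checks fired; HTTPS on its own says nothing about who operates the site.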

Good advice… Thanks. I don't agree very much banks.
Keep it up!!