I was digging around in bulk mail and found one that uses the same social-engineering tactics as the Paypal spoof. This one pretends to originate from www.c2it.com.

After seeing it, I went there to look for alerts. Bigger'n dammit:

https://www.c2it.com/C2IT/alert.jsp

Important c2itSM by Citibank Security Alert
September 2, 2003

It has come to our attention that Citibank's c2it members and nonmembers have received a fraudulent email with the subject lines: "You've received money transfer" or "ATTENTION: Money Transfer." Although this message appears to come from Citibank, it does not. If you receive such an email, delete it. If you have already responded to the email, please call the customer service number for your card provider. Additionally, if you are a c2it member and have provided the sender personal information, please contact c2it customer service at (800) 200-3881. From outside the U.S., call collect (904) 954-7222, 24 hours a day.

The c2it organization is working with the proper law enforcement authorities to stop this campaign. In the meantime, keep in mind, that c2it, Citibank, Citigroup or Citi Cards would not send you an email requesting personal information, and any you receive asking for confidential information should raise a red flag.

Your privacy and safety are our primary concern, and we encourage you to contact us whenever you suspect illegal activity. Additional information regarding online security can be found on our website.


Never respond to emails that ask you for this kind of information.
Delete it or report it to the company from which it seems to have been sent or get the feds involved. Then again, you can always fill in bogus info first :whistlesInnocently:

Here's what it looks like:

I've just called the 800 number above and was asked to forward the email to the following address: emailreport@citicorp.com

I'll sticky this for a bit. Give it, say, twelve hours from timestamp if I don't get to it first.

That's why I don't open mail from people I don't know. Anything that asks specifically for your password should be a HUGE danger flag.

Originally posted by Cruise Director
That's why I don't open mail from people I don't know.


Ooo... See... A lot of worms harvest your addresses and send copies of themselves to them from YOU!

Always scan attachments even if you know the sender!

This isn't a virus or a worm. It's a spoof designed to get you excited about the prospect of unexpected income and toss caution to the wind.

Well, I'm amplifying that caution right here and now.

Go back to the snapshot and look at spelling, sentence structure and general grammar. A company like Citibank would certainly have taken more care than to spell "debit card" as "debt card", for one.

Look for some more mistakes.

"Setup"...

Lots and lots of grammatical errors in that page.

This was on the News Consumer Report on Global last night.

It's the second "citibank" scam in less than a month

Here's another: http://www.silicon.com/news/500013/1/5814.html

A new spoofed Citibank spam email is doing the rounds in an attempt to part unwitting victims from their credit card details, PIN number and email account details.


Citibank warned customers last month about a spam email scam that informed recipients their Citibank account would be suspended unless they accepted new terms and conditions. A link in the email directed them to a fake, but convincing, Citibank website that requested the customer's name and bank card details.


Citibank took the unusual step of issuing a statement to all its customers saying: "Although the e-mail appears to come from Citibank regarding 'Your Checking Account at Citibank,' it does not, and Citibank is in no way involved in the distribution of this e-mail."


But one silicon.com reader, Remo Cornali from Italy, has forwarded on a new fraudulent Citibank scam, which has begun to spread over the weekend.


It uses a new twist on the traditional 'phishing' technique of spamming thousands of users with a scam email that links people to a fake banking website to steal their personal and financial details. Instead, it says the person has received a payment of $217 via Citibank's online wire service, c2it.com. One giveaway that all might not be as it seems, however, is the appalling spelling and grammar.


The email seen by silicon.com said: "Your email is not registred [sic] with us, you need to setup [an] account with us and verify your identity. Please fill this form to be enrolled to c2it.com service. Once you register, the money will appear in your c2it's account balance in your overview page. You can withraw [sic] the outstanding balance to your credit or debt [sic] card's bank account."


As ever, there is a twist, and anyone foolish enough to enter their details can probably expect their card to cleaned out fairly swiftly and their email account used for further scams. Cornali said the server set up to collect the financial details is in South Korea.


Chris McNab, technical director of security consultancy Matta, said spoofing is easy because of the inherent insecurity of messaging and internet protocols and that user education and the use of spam filters are the only ways to combat this type of scam.


"The only way to mitigate that risk is to teach users to be more vigilant. You should never be asked for credit card details by email. And I'm pretty sure a good spam filter would stop many of these messages," he said.


A spokeswoman for Citigroup said the company is working with law enforcement to investigate the email fraud and have the fake site shut down, and warned customers not to be fooled into giving out their account details.


"Citibank does not ask customers to provide sensitive details in this way. We believe no customer information or systems have been compromised," she said.


Andy McCue

Always scan attachments even if you know the sender!


Or better yet: Set up a mail filter rule that deletes all messages with attachments.

Remember folks: attachments are lame, useless, and untrustable.

Hmmm. An axiom. I missed it.

Good advice!

I open all the emails for my company.
My boss used to but he is a virus magnet! While everyone else was getting msblaster he got backdoor.jeem and I didn't find it until I updated. (which he REFUSES to do)

I keep norton updated weekly and I have had no trouble scanning attachments. But when ppl fwd me emails with or without attachments I send them scathingly emails telling them in no uncertain terms to never send me another fwd. I can't do a damn thing with my limited know-how, my antivirus, and my computer network setup to protect myself against a virus that I open. That just the reality of what I have to work with at work.
All attachments are scanned automatically. All "spam" gets dumped automatically.

(My boss also spent a buttload of money on some fucked up spam filtering email that filters exactly shit! (except legitimate mailng lists my boss signed up for that we should unsubscribe from) I still have to check all the emails myself and sort them manually.)

Now at home, since I set up my norton internet security I have had exactly NO trouble with port scans, trojans, viruses, etc. I am on dial up and thou I'm not a static IP I do stay logged on for weeks at a time, but it has worked very well for me.

To all those ppl rolling their eyes and saying "norton doesn't protect shit" It works for my application, which is similar to the applications of lots of you. No one wants to hack my PC and use its processor power or storage space over dial up. My #1 danger on the internet is something that will fuck up my OS and cause me to have to format and possibly lose my files. Thats the angle Kol started this thread from and I suggest its the angle you take it from.

For me, my main inconvience is telling ppl to get fucked when they send me fwd's. Everything else has gone smoothly since I installed norton antivirus, norton internet firewall and started an update regime.