Latest E-Mail Bank Scam Targets Citibank

 
 
By Dennis Fisher  |  Posted 2003-05-22
 
 
 

Latest E-Mail Bank Scam Targets Citibank


Yet another bank-related e-mail scam is beginning to show up in Internet users mailboxes this week, this one targeting users of a money-transfer service owned by Citibank FSB.

The fraudulent e-mail attempts to lure customers of the c2it service into divulging their account usernames and passwords, as well as the credit card numbers associated with their accounts. The message appears to be from c2it Customer Service, but is in fact sent from a Hotmail account. It is an HTML message that contains a form that also asks for each users Social Security number, birth date and mothers maiden name.

The message is unlike many of the other bank scams currently circulating on the Internet in that it looks quite authentic, right down to the actual c2it logo. There are none of the misspellings, careless grammar or other mistakes that typically give away other such scams. One of the few clues that the message is not authentic is the Hotmail return address in the message header.

Also, if a user clicks the button in the message to submit their information, the link takes the user to a site owned by the Harvard-Smithsonian Center for Astrophysics.

C2it is a Web-based service that enables users to send money to individuals or bank accounts around the world. The e-mail arrives with a subject line reading, "Your account is on hold." The body of the message reads, in part:

"c2it is currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and placed on Hold status. Protecting the security of your c2it account is our primary concern, and we apologize for any inconvenience this may cause.

To restore your account to its regular status, you must confirm your email address by logging in to your c2it account using the form."

Page 2


The c2it scam comes on the heels of two similar schemes targeting customers of First Union Bank and Bank of America. The two scams, both of which started in the last few weeks, take the form of e-mail messages that tell recipients that there is a problem with their online banking account. The messages include a link to a Web site where the recipient is asked to enter either his online banking username and password or some other sensitive information.

Some Internet users are also receiving similar e-mails telling them that there is a problem with their accounts at eBay or PayPal. Both messages ask recipients to verify their account information by entering their usernames and passwords. However, the messages are going out to random addresses and many of the people receiving them dont have accounts with either of the Web sites.

Latest Security News:

Rocket Fuel