Skip to main content

scam-tastic!

Your request for Express Transfer from your Citi account to your bank account ending in (number), has been received and is in process. This process usually takes 6-8 working hours to complete but is dependent on your account preferences. See, Change or Cancel this Transfer at: (URL) If there is a problem with your request, it may take up to one week for your bank to notify us. We will notify you immediately by email if we learn of any problems in processing your request. Yours sincerely, The Citibank Team
I look through my cards. All but one is in my wallet, with one at home safely with my passport. None of the current cards have a (number) ending). I scratch my head, go to the (URL) from the mail, making sure it doesn't have some strange address spoofing bits in it, and load it in FireFox browser in case it wants to play ActiveX games. CitiBank's site loads with an unsuspiciously short URL, no redirects, no weirdness. It wants me to log in using my credit card number and PIN. Even if I had the card with me, I'm not really wanting to log right in, sending my CC number and PIN across a page that doesn't start with the secure "https". The name/pwd login is "temporarily under maintenance" and directs users to use the CC/PIN login. I try to get to the "contact" page, but it states that I can't access that page without logging in.

Instead of using the page from the mail, I go to CitiBank's main page to compare. Goodness, they sure look similar, and employ similar verbiage. However their page on fraud states:
If you're required to enter personal information to perform a transaction, it's always done on a site secured with SSL technology — you can tell because there'll be a padlock icon at the bottom of your screen. Most important, if you click on the padlock, a security certificate will pop up. In it, there's a section that says "Issued to:" If it's really a Citibank site, then the URL will end in "citibank.com."
The site in the mail ends in "signing-en.us" -- the "citibank.com" portion, were it separated by a slash, would be plausible, but this looks like a citibank-named subdomain on the suddenly very dubious looking "signing-en.us" domain. Click to report, and a pop-up showing about 40 known scams are listed, with a little report link right after the scam-mail's subject header. There's mine: "Date: 04/28/04 Your request for Express Transfer -Citi E-mail Alerts"

Most humorous of all, when googling for information on this, a site had a in-page pop-in (not pop-up; I've not seen those since switching to mozilla browsers) that offered "Find the best deals on 'citibank+fraud'!" Whoo.

Comments

Post a Comment

Popular posts from this blog

Tony diTerlizzi and classic D&D monsters

The sixth entry of his series on drawings of classic D&D monsters is up. He's one of my favorite fantasy artists. His work tends toward the charming and cozy, rather than others' focus on machismo or melodrama.
Post a Comment
Read more

sad fate

“Our legendary personalities are evergreen ‘brands’ with the benefit of worldwide recognition,” reads a message on the Richman agency’s website. Guardian UK Article *vomits* Where is the line drawn between “public figure” and “celebrity”? How can a dead person have an agent, particulary where there are no specific works concerned other than a sense of character? It’s one thing to insist that Duck Soup is a work that should be protected (which any more simply means controlled by whomever has the most buX0rs), but shouldn’t personalities and such pass into the public domain as well? ( boingboing : Bill Gates 0wns Einstein, Groucho , Freud, Asimov, Fuller, et al )
Post a Comment
Read more