Skip to main content

scam-tastic!

Your request for Express Transfer from your Citi account to your bank account ending in (number), has been received and is in process. This process usually takes 6-8 working hours to complete but is dependent on your account preferences. See, Change or Cancel this Transfer at: (URL) If there is a problem with your request, it may take up to one week for your bank to notify us. We will notify you immediately by email if we learn of any problems in processing your request. Yours sincerely, The Citibank Team
I look through my cards. All but one is in my wallet, with one at home safely with my passport. None of the current cards have a (number) ending). I scratch my head, go to the (URL) from the mail, making sure it doesn't have some strange address spoofing bits in it, and load it in FireFox browser in case it wants to play ActiveX games. CitiBank's site loads with an unsuspiciously short URL, no redirects, no weirdness. It wants me to log in using my credit card number and PIN. Even if I had the card with me, I'm not really wanting to log right in, sending my CC number and PIN across a page that doesn't start with the secure "https". The name/pwd login is "temporarily under maintenance" and directs users to use the CC/PIN login. I try to get to the "contact" page, but it states that I can't access that page without logging in.

Instead of using the page from the mail, I go to CitiBank's main page to compare. Goodness, they sure look similar, and employ similar verbiage. However their page on fraud states:
If you're required to enter personal information to perform a transaction, it's always done on a site secured with SSL technology — you can tell because there'll be a padlock icon at the bottom of your screen. Most important, if you click on the padlock, a security certificate will pop up. In it, there's a section that says "Issued to:" If it's really a Citibank site, then the URL will end in "citibank.com."
The site in the mail ends in "signing-en.us" -- the "citibank.com" portion, were it separated by a slash, would be plausible, but this looks like a citibank-named subdomain on the suddenly very dubious looking "signing-en.us" domain. Click to report, and a pop-up showing about 40 known scams are listed, with a little report link right after the scam-mail's subject header. There's mine: "Date: 04/28/04 Your request for Express Transfer -Citi E-mail Alerts"

Most humorous of all, when googling for information on this, a site had a in-page pop-in (not pop-up; I've not seen those since switching to mozilla browsers) that offered "Find the best deals on 'citibank+fraud'!" Whoo.

Comments

Post a Comment

Popular posts from this blog

send this to your crush without context.

Post a Comment
Read more

dan simmons’ fiction

“I came back for my own purposes,” said the Time Traveler, looking around my booklined study. “I chose you to talk to because it was . . . convenient. And I don’t want you to do a goddamned thing. There’s nothing you can do. But relax . . . we’re not going to be talking about personal things. Such as, say, the year, day, and hour of your death. I don’t even know that sort of trivial information, although I could look it up quickly enough. You can release that white-knuckled grip you have on the edge of your desk.” I tried to relax. “What do you want to talk about?” I said. “The Century War,” said the Time Traveler. I blinked and tried to remember some history. “You mean the Hundred Year War? Fifteenth Century? Fourteenth? Sometime around there. Between . . . France and England? Henry V? Kenneth Branagh? Or was it . . .” “I mean the Century War with Islam,” interrupted the Time Traveler. “Your future. Everyone’s.” He was no longer smiling. Without asking, or offering to pour me any, he
8 comments
Read more