Your request for Express Transfer from your Citi account to your bank account ending in (number), has been received and is in process. This process usually takes 6-8 working hours to complete but is dependent on your account preferences. See, Change or Cancel this Transfer at: (URL) If there is a problem with your request, it may take up to one week for your bank to notify us. We will notify you immediately by email if we learn of any problems in processing your request. Yours sincerely, The Citibank Team

I look through my cards. All but one are in my wallet, with one at home safely with my passport. None of the current cards have a (number) ending. I scratch my head, go to the (URL) from the mail, making sure it doesn't have some strange address spoofing bits in it, and load it in the Firefox browser in case it wants to play ActiveX games. CitiBank's site loads with an unsuspiciously short URL, no redirects, no weirdness. It wants me to log in using my credit card number and PIN. Even if I had the card with me, I'm not really wanting to log right in, sending my CC number and PIN across a page that doesn't start with the secure "https". The name/pwd login is "temporarily under maintenance" and directs users to use the CC/PIN login. I try to get to the "contact" page, but it states that I can't access that page without logging in.
Instead of using the page from the mail, I go to CitiBank's main page to compare. Goodness, they sure look similar, and employ similar verbiage. However their page on fraud states:
If you're required to enter personal information to perform a transaction, it's always done on a site secured with SSL technology — you can tell because there'll be a padlock icon at the bottom of your screen. Most important, if you click on the padlock, a security certificate will pop up. In it, there's a section that says "Issued to:" If it's really a Citibank site, then the URL will end in "citibank.com."

The site in the mail ends in "signing-en.us" -- the "citibank.com" portion, were it separated by a slash, would be plausible, but this looks like a citibank-named subdomain on the suddenly very dubious looking "signing-en.us" domain. Click to report, and a pop-up lists about 40 known scams, with a little report link right after the scam-mail's subject header. There's mine: "Date: 04/28/04 Your request for Express Transfer -Citi E-mail Alerts"
Most humorous of all, when googling for information on this, a site had an in-page pop-in (not pop-up; I've not seen those since switching to Mozilla browsers) that offered "Find the best deals on 'citibank+fraud'!" Whoo.
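The hostname check described above, written out as an added example (not part of the original post): it tests the scheme, any user-info placed before the host, and whether the host itself sits under "citibank.com", next to a naive substring test that the lookalike address passes. The sample URLs are constructed for illustration; the exact address from the mail is not given in the post.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "citibank.com"  # the domain named in the bank's fraud guidance


def naive_check(url, trusted=TRUSTED_DOMAIN):
    """Weak test: the trusted name merely appears somewhere in the URL."""
    return trusted in url


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons not to trust url; an empty list means it passed."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("not https")
    # Anything before an "@" is user-info, not the host the browser contacts.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo before host")
    host = (parts.hostname or "").rstrip(".").lower()
    # The host must be the trusted domain or a subdomain of it. A trusted name
    # used as a label under some other domain does not count.
    if host != trusted and not host.endswith("." + trusted):
        problems.append("host is not under " + trusted)
    return problems


# Constructed sample URLs (assumptions, not the address from the mail).
SAMPLES = [
    "https://www.citibank.com/fraud",
    "http://citibank.com.signing-en.us/login",
    "https://www.citibank.com@signing-en.us/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "| naive:", naive_check(url), "| problems:", check_link(url))
```

This covers only the address; the "Issued to:" field of the certificate mentioned in the bank's guidance is a separate check made in the browser.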