Citibank customers hit with e-mail scam

The spoofed bank site is actually hosted by a company in Moscow

Citibank customers are being targeted by scam artists trying to get their confidential bank card numbers.

The scam is perpetrated via an e-mail that includes a link that apparently directs users to a Citibank Web site, where they are greeted with a pop-up box asking them for their full debit card numbers, their personal identification numbers (PIN) and their expiration dates.

The problem is the Web site customers are directed to is a fake site operated by someone trying to gain access to that information. The spoofed site is hosted by a Web hosting company in Moscow.

A Ctitibank spokesperson said the company was unaware of the latest e-mail scam, but will work with law enforcement to get the spoofed site taken down.

The New York-based company's Web site already contains information on similar scams that have targeted bank customers in recent months. Ironically, the fake site also contains that information. A similar e-mail scam targeting Citibank customers made the rounds in August (see story).

Citibank has posted the following message to customers under the heading "About e-mail fraud" at its Web site:

"Recently, our customers have reported receiving fraudulent e-mails that appear to be from Citibank, but which are, in fact, sent by impostors. How can you tell the difference? Fraudulent e-mails typically include attachments, request personal information, or both.

"When such e-mails are sent in our name, Citibank works aggressively with law enforcement agencies to investigate them."

On its own site, the bank also posts the text of the scam e-mails that it's aware of. The latest e-mail, which appeared to be making the rounds yesterday, was most likely not just sent to specific Citibank customers, but rather to thousands of e-mail users. By targeting large numbers of users, the perpetrators hope to snag some Citibank customers.

This is the text of the latest e-mail scam, which is similar to one Citibank lists as having been sent on Oct. 2: "Dear Citibank Member, This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM.

"This is done for your protection -n- because some of our members no longer have access to their email addresses and we must verify it. To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL)W, copy and paste the link into the address bar of your Web browser."

[The "-n-" and the "W" after "AOL" are included in the text of the e-mail.]

The e-mail also includes the link to the fake Citibank site.

Join the discussion
Be the first to comment on this article. Our Commenting Policies