Interesting scam email

Finally, my turn to get one of those fake Citibank scam emails! /ubbthreads/images/graemlins/grin.gif and I am impressed! It looks a lot better and more believable than the fake AOL emails I got a few years ago /ubbthreads/images/graemlins/tongue.gif

Here it goes:
------------------------------------------------------------
Account Update Notification


Dear Citibank Member,



As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts.

You are requested to visit our site and fill in the required information.

<font class="small">Code:</font><hr /><pre>
https://web.da-us.citibank.com/cgi-bin/citifi/scripts/login2/login.jsp
</pre><hr />
This is required for us to continue to offer you a safe and risk free environment to send and receive money online and maintain the experience.



Thank you,

Michael V. Brave

Citibank Security Center



As outlined in our User Agreement, Citibank will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.



---------------------------------------------

Thank you for using Citibank!

---------------------------------------------

*** Do not reply to this email ***.

------------------------------------------------------------


The interesting part is that I did whois lookup on the originating IP, it came from Romania and if you have noticed, the signature on the email is "Michael V. Brave". I googled it and found out that "Michael V. Brave" (Mihai Viteazul)was actually known to be one of Romania's greatest medieval rulers. The scammer didn't just make up some BS names, they actually use something related to the rich culture and history of their country! /ubbthreads/images/graemlins/happy14.gif /ubbthreads/images/graemlins/wink.gif

Edit: Link made inert, in order to protect our members - Empath

Many other 'banks' seem to have followed suit as well recently with a flurry of 'security updates'. But I gotta admit, the first one I received (quite a few months ago) from the supposed Citibank nearly had me there, with the logo and all, but first giveaway (thankfully i noticed it) was the sender's displayed email address - it was some gibberish, and secondly it was sent to a general enquiry email account that gets forwarded to me. I've received similar emails from many other banks since then, even ones we have never heard of in Malaysia...

I used to work at citigroup as a security officer at citigroup's credit card world headquarters in Irving.
These citi scams only make me /ubbthreads/images/graemlins/crackup.gif when I see the word "security" mentioned.

The other day my bank called me on my cellphone, and the customer service rep asked for me by name. My first thought was "You're a very good phisher to get my name, hmm.."

How did I find out they were legit? Only when they asked me whether I was interested in one of their products, and I told them I couldn't afford the payments...... /ubbthreads/images/graemlins/grin.gif (they would know, HAHA!)

I've been getting the ebay and paypal spoofs.

I've gotten quite a few emails "from" Citybank too, and I don't even have an account there.
I also get the phoney emails "from" Ebay and Paypal; which I simply dispose of at once.

Likewise. Three Ebay scams in the last two days. Makes me wonder how they got my address too as it`s relatively new and not posted *anywhere* on t`internet. Ebay`s customer records server get hacked?

Just forward them all to spoof-at-ebay-dot-com (or spoof-at-paypal-dot-com for Paypal-related ones of course) and let them handle it.


/ubbthreads/images/graemlins/mad.gif

I just received one from "SunTrust"

Dear SunTrust Customer,

We are glad to inform you, that our bank is switching to new transactions security standards.
The new updated technologies will ensure the security of your payments through our bank.
Both software and hardware will be updated.
We kindly ask you to confirm your ATM card details in 24 hours by the folowing link:

http://don't use this link.com/login.html

We offer you a new convenient and safe high-quality level of service to handle your ATM card.

© SunTrust Customer Support.


Never heard of SunTrust before, anyone here?

Eric

I am also getting the same from Citi and SunTrust a few times. The problem is I am in Hong Kong and don't have accounts with them, so I tried to play along filling my user name and password and SSN information as ' gotta ' 'FBIhotline' 'call911'. I think they'll get the message /ubbthreads/images/graemlins/cool.gif /ubbthreads/images/graemlins/smirk.gif

Eric, I think Suntrust is a local chain based in Virginia. I remember seeing them in Maryland, when I lived there, and I think my parents in Florida have a Suntrust account.

daloosh

These guys are getting better, they really do make it look legit, except for the fact that you're bank just won't do that /ubbthreads/images/graemlins/wink.gif

I got this same email, and several others from banks I dont even do business with, but I guess it's easier to send it to everyone than to figure out who is an actual customer /ubbthreads/images/graemlins/wink.gif

the best one I came across was a site that had the URL obfuscated to look like the real website just as above, but what they did was link to a page, which opened a login popup window and redirected the lower window immediately to the real site. So the real site was actually displayed below while you thought you were logging in via a popup (which of course doesn't have a URL field so you can't see what you were entering.) After entering something bogus to see what would happen they actually forwarded the lower page to the error page at the bank to make you think you had just typed it wrong and to try again, at which point you were at the real banks signing page thinking you had made a type and none the wiser that you had just given it to some guy in Russia.

I was impressed, but also scared! i called both my mom and dad and reminded them not to EVER do what an email tells them too or to call me first to ask if they really thought it was real.