Sophisticated Phishing Attempt (Citi)

Discussion in 'Other Credit Card Programs' started by HaveMilesWillTravel, Oct 20, 2012.  |  Print Topic

  1. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Just received this email:


    ACCOUNT NUMBER: XXXX-XXXX-XXXX-1234

    Dear HaveMilesWillTravel,

    The following email is about your credit card account:

    Why we're writing you
    Your account has been temporarily restricted for future transactions.
    We have suspicions regarding the billing address:

    Address: <my real address>

    Here's what you need to do
    If this is your billing address, please follow the address below to unblock your account.

    http://online.race-citi.com/US/svc/NEXT.do?SYNC_TOKEN=<long token value>

    If this is not your address, please contact us immediately at 1-800-347-4934.

    Quality service and the security of your account are of great importance to us.

    Sign on to Account Online anytime to review your recent account activity or to update your account information.

    We appreciate each opportunity to serve you.

    Sincerely,
    Customer Service



    Probably the most sophisticated phishing attempt I have seen:

    - layout and formatting like other Citibank emails
    - no blatant spelling mistakes
    - my real address
    - my real name
    - correct last four digits of my Citi VISA
    - the email address is one I exclusively use for credit card companies (!)

    But race-citi.com isn't registered by Citibank (http://whois.domaintools.com/race-citi.com) and was registered just six days ago. The mailing address has been my correct and valid mailing address for years.
     
  2. iolaire
    Original Member

    iolaire Gold Member

    Messages:
    3,510
    Likes Received:
    5,767
    Status Points:
    4,170
    HaveMilesWillTravel likes this.
  3. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    It's quite possible. It's disconcerting that they know my "credit card" email address, and that they know that the last four digits of my card belong to a Citibank-issued card. That leads me to believe that the leak is with Citibank.
     
  4. iterfacio12

    iterfacio12 Silver Member

    Messages:
    239
    Likes Received:
    295
    Status Points:
    460
    Tough breaks; I hate when this winds up occurring. As inconvenient as it will likely be, I also would suggest changing your account passwords, as well as forwarding the email to Citi for their attention.
     
    Kalboz likes this.
  5. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Yeah, first thing I did was forward it to spoof@citicorp.com.
     
  6. kansaskeith

    kansaskeith Gold Member

    Messages:
    2,486
    Likes Received:
    5,786
    Status Points:
    4,070
    Did you call the number on the back of your credit card and ask if transactions have been restricted?

    As for the phone number in the email, Googling that *seems* to bring up Citi-related references, including pages from FT. I did a *67 (to block my number) and then called that number in the e-mail you posted and it seems to be very sophisticated but never uses the word "Citi," at least as I could tell.

    Something seems odd indeed, but there's enough apparent legitimacy that if it were me I would call the number on the back of your credit card and ask a human if it has been restricted.

    Also, let us know what you hear back from the "spoof" people at Citicorp.
     
  7. kansaskeith

    kansaskeith Gold Member

    Messages:
    2,486
    Likes Received:
    5,786
    Status Points:
    4,070
    I went to the Citi page I use to access my credit card information, scrolled to the bottom, clicked "contact us," and indeed 1-800-347-4934 the number it lists for "on line technical assistance." What would "on line" matters have to do with your billing address? But then again, if this is a phish why would the phishers chance it by putting a real Citi number in the e-mail? In the old-fashioned, non-sexual sense of the word, this is queer indeed.
     
  8. NYCUA1K

    NYCUA1K Gold Member

    Messages:
    4,743
    Likes Received:
    5,088
    Status Points:
    4,270
    I primarily bank with Chase and the one thing they insist on watching out for is that their legit emails will never ask you to: "please follow the address below to unblock your account." That is the giveaway that it is a phishing expedition. Whenever Chase suspects fraud, they will send a text message, an email, as well as call my cell phone, all asking that I call them back. If a fraudulent charge is suspected, they will include recent random transactions along with the one that they suspect and ask me to contact them if I do not recognize one or more of these, and access to the account would be temporarily restricted until the situation is resolved. But it will involve no disclosure of any personal information on my part...

    This brings to mind a very recent discussion where the OP was confident to have all the protection that he needs from the credit card company, at no extra charge. The fact of the matter is that there are people out there who can forge a transaction and make it seem so real that a creditor's "investigation" would do nothing for you and you'll be liable for the charge. What it seems here is that someone has pretty much divined your identity...

    Paying a little extra to have your credit card accounts monitored for appearance in strange websites or places where they have no business appearing could help a bit.
     
    Kalboz likes this.
  9. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Because (1) they probably don't have a phone number (and if they did, they'd probably have an accent like "Peggy") and (2) the email says to call the number if the address is incorrect, but presumably they know that the address is in fact correct, and so they count on me not going down that path.
     
  10. travelinmike33
    Original Member

    travelinmike33 Silver Member

    Messages:
    172
    Likes Received:
    172
    Status Points:
    395
    I'm pretty sure I've seen phishing emails before that look like they cut/pasted the privacy declaration at the bottom from whatever bank they are pretending to be, including links. For example it will say something like
    The privacy link does actually link to Chase's website, but the link within the email is the one they ask you to click and will take you elsewhere.

    Seems like they might consider using Citi's phone number as an attempt at proving legitimacy, though it is risky. Or maybe they just copy and pasted a legitimate email, changing only the link.
     
    Kalboz likes this.
  11. ConsultingChris

    ConsultingChris Silver Member

    Messages:
    142
    Likes Received:
    226
    Status Points:
    360
    If you haven't used up your max, I would check your credit report on https://www.annualcreditreport.com/ for suspicious entries. If someone has that much info in their phishing database, they could be using it for more than e-mails.

    In the future, make sure you watch what you throw away and where you are throwing it away. The most successful scams are the ones where they have harvested information from the trash.
     
  12. NYBanker
    Original Member

    NYBanker Gold Member

    Messages:
    32,725
    Likes Received:
    191,901
    Status Points:
    20,020
    Smart.
     
    ConsultingChris likes this.
  13. wrxmom

    wrxmom Gold Member

    Messages:
    1,161
    Likes Received:
    3,558
    Status Points:
    1,945
    Consider a Crosscut shredder like this one from Staples - http://www.staples.com/Staples-15-Sheet-Cross-Cut-Shredder/product_740132 - (it even does credit cards) and get UR points and free shipping. :)
     
  14. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Everything even remotely "interesting" goes into my shredder.

    And yes, I am do for a credit review anyway this month, so I am going to look.
     
    ConsultingChris likes this.
  15. slickw

    slickw Silver Member

    Messages:
    16
    Likes Received:
    11
    Status Points:
    105
    +1 Always use unique and complex passwords for websites that contain your personal/financial information. There are password-stealing viruses/trojans but from my experience most people either give up their credentials to a phishing email or some other site they have registered with has poor security and the usernames/passwords are pilfered and then used on multiple other sites.
     

Share This Page