Just received this email: ACCOUNT NUMBER: XXXX-XXXX-XXXX-1234 Dear HaveMilesWillTravel, The following email is about your credit card account: Why we're writing you Your account has been temporarily restricted for future transactions. We have suspicions regarding the billing address: Address: <my real address> Here's what you need to do If this is your billing address, please follow the address below to unblock your account. http://online.race-citi.com/US/svc/NEXT.do?SYNC_TOKEN=<long token value> If this is not your address, please contact us immediately at 1-800-347-4934. Quality service and the security of your account are of great importance to us. Sign on to Account Online anytime to review your recent account activity or to update your account information. We appreciate each opportunity to serve you. Sincerely, Customer Service Probably the most sophisticated phishing attempt I have seen: - layout and formatting like other Citibank emails - no blatant spelling mistakes - my real address - my real name - correct last four digits of my Citi VISA - the email address is one I exclusively use for credit card companies (!) But race-citi.com isn't registered by Citibank (http://whois.domaintools.com/race-citi.com) and was registered just six days ago. The mailing address has been my correct and valid mailing address for years.