Saturday, February 2, 2008

Anatomy of a Phishing Scam Email

I just received this piece of crap spam. The reason I know it's a piece of crap spam? I don't have a fucking Citibank account. (Not that I would fall for the ridiculous, laughable link displayed in the body of the email)

So, children, if you see this in your inbox, forward it to emailspoof@citigroup.com. I already did. Together, we can kill these fuckers. Good day!

(P.S. - as an added bonus, I'm going to point out the retardation factor in this email via bold print commentary)

-----------------------------------------------
Subject: View Your Account (Action Required)

Dear Citibank Online Customer,

It has come to our attention that your Citibank account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website.

This line pisses me off, because they're using fear to get people to fall for this shit.

Due to your recent account activity, we are kindly asking you to confirm that ONLY you manage your Citibank account, and the recent money transfers were made by you.

I doubt that the folks at Citibank would use ALL CAPS as a way to emphasize a point, rather than, say, italics.


If you did not effectuated the money transfers, you can confirm by logging to your account and filling up the verification procedure here:

So here, they're saying, "we want to you to give us your bank account information whether you like it or not. Effectuated? A big gigantic festering clue that this was written by a kid, or someone overseas.

https://web.da-us.citibank.com/cgi-bin/citifi/update/l/l.do

Would you look at this link? I don't know about you, but I have no idea what ".do" relates to, which makes it even scarier. They were cunning enough to use "https," which means that the site is secure.

But perhaps the scariest part is this: When you click on this, and I did, the link turns out to be this:

http://krispykernel.utsn.net/~james/cfg/web.da-us.citibank.com/
cgi-bin/citifi/portal/l/l.do.htm

No "https," but "http." Not secure. At. All. Another huge clue? The ad that appears on the page is fake and not clickable. Just a jpeg image.


Once you have updated your account records, your Citibank account be fully protected.

Thank you for banking with Citibank.
Citibank Security

Security. Riiight. As if a bank guard is killing time between holdups writing emails to protect customers from fraud

2 comments:

nikoeternal.com said...

The other day I got an email from a gay chat site, (pauses as he looks for the site........please hold.......)gayguyschat.com. I'm pretty cautious about these things, especially since it said there were 3 messages waiting for me, so when it asked me to create a password, I actually entered the word "password". It didn't accept it the first couple of times, but finally it went thru to another page which asked me for my HOTMAIL PASSWORD! :-/ Bastards!

Chris said...

The only way to be certain is to exit your email and go directly to that site and log in (if you have an account with them).

It's messed up that even today, people fall for this and get screwed over.

If you didn't set up an account, then they shouldn't have any message for you.

I'm always tempted to click reply and fuck with these people, or put in bogus information that they'll try to use.

Can you send a grenade through email these days?