Citibank e-mail looks phishy

Cid Carlos Carlos.Cid at
Sun Nov 12 08:00:13 EST 2006

Citibank e-mail looks phishy

"A seemingly innocent e-mail from Citibank Australia introducing a new
online banking process has been mistaken for a phishing attack.
The e-mail was sent last month and described a new sign-on procedure
that promised to be "even more secure". As part of a security upgrade,
customers were asked to update their log-in credentials. The message
also asked recipients to log on to the bank's Web site and authenticate
themselves by entering their Citicard or credit card number, and ATM PIN
The bank has a strict policy to safeguard customers from such scams. Its
online security section says: "Customers should understand that Citibank
will never send e-mails to customers to verify personal and/or account
information... It is important you disregard and report e-mails which...
request any customer information - including your ATM PIN or account
A spokesperson for Citibank was surprised that the e-mail was confused
for a possible scam and denied the bank had contradicted its security
statements. "These are all online banking customers and are used to
receiving e-mails from us. I don't believe we have contradicted
ourselves ... there is only a link to the privacy policy and we always
tell people to type in the URL". Citibank's technical and fraud
departments will investigate the situation."


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list