Citibank e-mail looks phishy
Cid Carlos
Carlos.Cid at rhul.ac.uk
Sun Nov 12 08:00:13 EST 2006
Citibank e-mail looks phishy
http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=339272126-
130061744t-110000005c
"A seemingly innocent e-mail from Citibank Australia introducing a new
online banking process has been mistaken for a phishing attack.
The e-mail was sent last month and described a new sign-on procedure
that promised to be "even more secure". As part of a security upgrade,
customers were asked to update their log-in credentials. The message
also asked recipients to log on to the bank's Web site and authenticate
themselves by entering their Citicard or credit card number, and ATM PIN
(!!).
The bank has a strict policy to safeguard customers from such scams. Its
online security section says: "Customers should understand that Citibank
will never send e-mails to customers to verify personal and/or account
information... It is important you disregard and report e-mails which...
request any customer information - including your ATM PIN or account
details."
A spokesperson for Citibank was surprised that the e-mail was confused
for a possible scam and denied the bank had contradicted its security
statements. "These are all online banking customers and are used to
receiving e-mails from us. I don't believe we have contradicted
ourselves ... there is only a link to the privacy policy and we always
tell people to type in the URL". Citibank's technical and fraud
departments will investigate the situation."
carlos
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list