Image courtesy: peevee@ds

I was wandering what to post today. When I was thinking about the topic, I received another interesting email to my admin email address of this blog. That email is added below. Read it carefully.

From: CitiBusiness [mailto:csupport.id26701-9565967340CBF@citibank.com]
Sent: Tuesday, February 26, 2008 8:03 PM
To: Admin
Subject: CitiBusiness: please update your data.

Dear CitiBusiness customer,

CitiBusiness new Scheduled Maintenance Program protects your data from unauthorized access. CitiBusiness Online Form is important addition to our scheduled maintenance program.
Please use the link below to access CitiBusiness Online Form:

CitiBusiness Online Form

Please do not reply to this auto-generated email. Follow instructions above.

When you read this, you will get an idea that the real Citi bank customer service has written this. You will definitely click the link and impatiently wait until the web page loads. I don’t have any connection with the citi bank. Therefore I suspected that this is a scam. What I did was, I checked the URL in the link given in the email I received. Here it is and have a close look at it. Check whether you notice anything.

http://citibusiness.citibank.com.losao1.es/businessdir/cbof/start.do/

?ref=89359052406999261772635660432086023000757642467292293

1377109&session=7632008

You won’t notice much difference most probably. Because you will see the first few words as http://citibusiness.citibank.com and you will ignore the rest and continue with the instruction in the web page that you will see next. But if you have a closer look at it, you’ll find that the web address ends with .es (Not the whole URL). The web address is highlighted below.

http://citibusiness.citibank.com.losao1.es/businessdir/cbof/start.do/

?ref=89359052406999261772635660432086023000757642467292293

1377109&session=7632008

This is not the real web address of Citi bank. I have given the real web address beow.

http://www.citibank.com/us/index.htm

The people who are behind this scam are more intelligent than the PayPal scam I explained in an earlier post. Because they have used the citibank.com part in their web address as a sub domain. The actual web address is losao1.es which is a web address of Spain. When you click the URL in the email, you will be directed to a page like below.

You won’t think that this page is not an original one when you see it. I’m not quite sure about the Citi bank business code. If it is something important and confidential like a credit card number and if you have a code, you will definitely enter it. Then they have your id and they can use it for their evil intentions. I just put a random number with an English letter and hit enter.

There was no error given and directed to another page. Therefore I feel that there is no much usage of pirating this id. The next page I saw is given below.

It is a login form and I entered random values again. No error was thrown and I was directed to another page as shown below.

The details you have to enter here must be important to these people. Because a normal user will enter their real data believing that this is a real. The people who are behind this scam most probably contact you by using the details provided in this form and definitely ask for financial data like account number, pin number and credit card details. They will give you a good excuse for it like upgrade of the system. If you do this, you are doomed.

As I did earlier, I added random values and clicked “Confirm” button. Then a popup message box was shown as below.

If you look carefully, you will see the above mentioned fake Citi bank web address in the title of the message box. The only truth they have told, I could find here. When I clicked “OK” I was directed to the real Citi bank website. So I’m pretty confident that their needed information was in the form I mentioned above.

If you have a Citi bank id, you will definitely put your real data in that form and there is a very good chance that you will be caught into trouble. What I wanted to emphasis by revealing this scam is to ask you to be more careful when you receive these kinds of emails. Any bank or other monetary organization won’t ask your private details in a way like this. Therefore you must inquire about this from the real business entity. And you must also carefully examine the URLs given in the email and data validation in the pages you will be directed after clicking that link. By doing this you will be able to get rid off from your worst nightmares.