Danger! Scammers blitzing bank customers again
By Amy C. Fleitas • Bankrate.com

Online banking customers, you are under attack by phishers -- again.

Phishers are con artists who send spam e-mails created to look like they are from a legitimate company -- but the e-mails are really a scam to steal your personal information.

In June alone, 1,422 new versions of these e-mails were sent out across the country, according to the Anti-Phishing Work Group, an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and e-mail spoofing.

These scam attacks are growing fast -- by an average of 52 percent a month. And which organization is most spoofed by these attacks? CitiBank, again, says the watch group

As we reported last year, Citibank customers were targeted then by a phishing e-mail. Now the cons are at it again with a new, more threatening, e-mail. These scammers have the audacity to tell you that because of the huge problem with identity theft, you must verify all your personal information to protect your account.

"Dear CitiBank customer," the e-mail reads. "Recently there have been a large number of identity theft attempts targeting CitiBank customers. In order to safeguard your account, we require that you confirm your banking details. This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension. To securely confirm your Citibank account details please go to: (Web site link). Thank you for your prompt attention to this matter and thank you for using CitiBank! (signed) Citi® Identity Theft Solutions. (Footnote:) Do not reply to this email as it is an unmonitored alias."

This e-mail is a fake. CitiBank says so right on its Web site:

"Every Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear to be from a well-known company but can put you at risk. Although they can be difficult to spot, they generally ask you to click a link back to a spoof Web site and provide, update or confirm sensitive personal information. To bait you, they may allude to an urgent or threatening condition concerning your account."

But there's something even more sinister in this e-mail. It's targeted to those of you who may suspect this is a scam, yet might let your curiosity get the better of you.

Curiosity killed the consumer
"Even if you don't provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses," warns the CitiBank Web site.

This isn't paranoia. It's something the Federal Trade Commission has been warning consumers about.

"If you get an e-mail or pop-up message that asks for personal or financial information, do not reply or click on the link in the message," states a recent release from the FTC.

By clicking on the link in a phishing e-mail -- even just to see what it looks like, you risk having spyware or key-logging software downloaded onto your computer without your knowledge. That means everything you type -- passwords, user IDs, account information and Web sites you visit -- can be tracked by identity thieves. Your bank account could be emptied, your credit cards charged to the max and your identity could be stolen. That's a big price to pay for a little curiosity.

But for those of you who can't withstand the temptation, here's what would be on the page if you did open the link: You'd be taken to a phony Web site that looks a lot like the official CitiBank page -- with logos and everything. It would contain instructions for you to fill in your personal information.

It's important to remember that anyone can build an official-looking Web site. Don't be fooled.

If the e-mail has you concerned about your account, contact your financial organization using a telephone number you know to be genuine -- either from your bank statement or a telephone listing. And remember, your bank, credit card company or any financial organization you do business with will never ask you for personal information in that manner.

No one is immune
Even people who do not have accounts with CitiBank may receive the e-mail because it is sent as spam to as many e-mail accounts as possible.

Falling right behind Citibank, the organizations most spoofed by phishers in June were eBay and U.S. Bank, according to the Anti-Phishing Work Group. Other targets of similar attacks in the past were customers of Yahoo!, AOL, Earthlink, PayPal, BestBuy.com, Discover Card and SonyStyle.com -- to name a few.

What can you do?
To avoid becoming a phishing or identity theft victim, never reply to unsolicited e-mail. Keep your computer updated with the latest virus protection software and install a pop-up blocker on your computer. A popular pop-up blocker is available from toolbar.google.com.

You can report phishing e-mails by forwarding them to the FTC at spam@uce.gov. If you believe you've been scammed, contact your bank immediately, then file your complaint at www.ftc.gov.