blitzing bank customers again
Online banking customers, you are
under attack by phishers.
Phishers are con artists who send spam e-mails created
to look like they are from a legitimate company -- but the e-mails
are really a scam aimed at stealing your personal information.
Each month, tens of thousands of new versions of these
e-mails go out across the country, according to the Anti-Phishing
Work Group, an industry association focused on eliminating the identity
theft and fraud that result from the growing problem of phishing
and e-mail spoofing.
These scam attacks are growing fast -- by an average
of 26 percent a month. Financial institutions continue to be the
most targeted industry sector, according to a report released by
Anti-Phishing Work Group in February. About three-quarters of the
attacks are on financial brands.
we reported in 2003, Citibank customers were targeted then by
a phishing e-mail. Now the cons are at it again with a new, more
threatening, e-mail. These scammers have the audacity to tell you
that because of the huge problem with identity theft, you must verify
all your personal information to protect your account.
"Dear CitiBank customer,"
the e-mail reads. "Recently
there have been a large number of identity theft attempts targeting CitiBank customers.
In order to safeguard your account, we require that you confirm your banking details.
This process is mandatory, and if not completed within the nearest time your account
may be subject to temporary suspension. To securely confirm your Citibank account
details please go to: (Web site link). Thank you for your prompt attention to
this matter and thank you for using CitiBank! (signed) Citi® Identity Theft
Solutions. (Footnote:) Do not reply to this email as it is an unmonitored alias."
e-mail is a fake. CitiBank says so right on its Web site:
Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear
to be from a well-known company but can put you at risk. Although they can be
difficult to spot, they generally ask you to click a link back to a spoof Web
site and provide, update or confirm sensitive personal information. To bait you,
they may allude to an urgent or threatening condition concerning your account."
there's something even more sinister in this e-mail. It's targeted to those of
you who may suspect this is a scam, yet might let your curiosity get the better
Curiosity killed the consumer
"Even if you don't provide what they ask for, simply clicking the link could
subject you to background installations of key logging software or viruses,"
warns the CitiBank Web site.
This isn't paranoia. It's something
the Federal Trade Commission has been warning consumers about.
you get an e-mail or pop-up message that asks for personal or financial information,
do not reply or click on the link in the message," states a recent release
from the FTC.
By clicking on the link in a phishing e-mail
-- even just to see what it looks like, you risk having spyware or key-logging
software downloaded onto your computer without your knowledge. That means everything
you type -- passwords, user IDs, account information and Web sites you visit --
can be tracked by identity thieves. Your bank account could be emptied, your credit
cards charged to the max and your identity could be stolen. That's a big price
to pay for a little curiosity.
But for those of you who can't
withstand the temptation, here's what would be on the page if you did open the
link: You'd be taken to a phony Web site that looks a lot like the official CitiBank
page -- with logos and everything. It would contain instructions for you to fill
in your personal information.
It's important to remember that
anyone can build an official-looking Web site. Don't
If a suspicious e-mail has you concerned about your
account, contact your financial organization using a telephone number
you know to be genuine -- either from your bank statement or a telephone
listing. And remember, your bank, credit card company or any financial
organization you do business with will never ask you for personal
information in that manner.
What can you do?
Even people who do not have accounts with CitiBank may receive the
e-mail because it is sent as spam to as many e-mail accounts as
To avoid becoming a phishing or identity theft victim,
never reply to unsolicited e-mail. Keep your computer updated with
the latest virus protection software and install a pop-up blocker
on your computer. A popular pop-up blocker is available from toolbar.google.com.
You can report phishing e-mails by forwarding
them to the FTC at firstname.lastname@example.org. If you believe you've been scammed,
contact your bank immediately, then file your complaint at www.ftc.gov.