Full Disclosure mailing list archives
Huge amounts of Citipank phishing spam seen this weekend.
From: Feher Tamas <etomcat () freemail hu>
Date: Mon, 5 Jul 2004 13:15:30 +0200 (CEST)
Return-Path: <safe () citibank com> Delivered-To: xy () z com Received: (qmail 26637 invoked by alias); 5 Jul 2004 10:22:42 -0000 Delivered-To: xy () z com Received: (qmail 26625 invoked from network); 5 Jul 2004 10:22:42 -0000 Received: from unknown (HELO xxxxx) (192.168.xxx.xxx) by xxxxx.xxxxx.com with SMTP; 5 Jul 2004 10:22:42 -0000 Received: from [192.168.xxx.xxx]:3815 (EHLO xxxxxxx) by xxxxxx ([192.168.xxx.xxx]:25) (censored) with SMTP; Mon, 5 Jul 2004 10:22:39 -0000 Received: from avenirdev.net2.nerim.net (avenirdev.net2.nerim.net [213.41.129.36]) by xxxxxxxx (8.12.9/8.12.9) with SMTP id i65AMbvX009990; Mon, 5 Jul 2004 12:22:38 +0200 X-Message-Info: EUZieVCD797cazJifePDLup79PXxd1+Jmeve090esDKB Received: from bvoadkrq795.yahoo.com ([183.192.129.62]) by cv840-ena634.yahoo.com with Microsoft SMTPSVC(5.0.2195.6824); Mon, 05 Jul 2004 14:02:44 +0300 Received: from Byronz447z00uvb7j ([192.91.180.33]) by mxbj13.yahoo.com (InterMail vM.5.01.06.05 105-294-922-056-415-584970568) with SMTP id <5635443945.NANBL433.zsvlyce336.yahoo.com@bootleggedve0rum66afa40fp> for <xy () z com>; Mon, 05 Jul 2004 06:04:44 -0500 Message-ID: <179zi495neg7525$29816$x937hcd073@Byronsmb495qc15mza67qrv> From: "Support" <safe () citibank com> To: <xy () z com> Subject: Urgent Update: CitiSafe by Citibank Date: Mon, 05 Jul 2004 17:02:44 +0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--60788191235995120027" X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on xxxxx X-Spam-Level: ** X-Spam-Status: No, hits=2.0 required=4.5 tests=BAYES_40,HTML_MESSAGE, HTML_TITLE_UNTITLED,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI, NORMAL_HTTP_TO_IP autolearn=no version=2.63 ----60788191235995120027 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable <html> <head> <title>Untitled Document</title> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859= -1"> </head> <body bgcolor=3D"#FFFFFF" text=3D"#000000"> <b>Dear Citibank Customer</b>, <p> We recently noticed one or more attempts to log in to your Citibank<br=
account from a foreign IP address and we have reasons to believe that<br=
there was attempts to compromise it with brute forcing your PIN number.<= br> No successful login was detected and you have full protection by now. <b= r> If you recently accessed your account while travelling, the unusual logi= n<br> attempts may have been initiated by you.</p> <p><i>The login attempt was made from:<br> IP address: 173.97.087.24<br> ISP Host: cache-89.proxyserver.cis.com</i></p> <p> By now, we used many techniques to verify the accuracy of the<br> information our users provide us when they register on the Site.<br> However, because user verification on the Internet is difficult, Citiban= k<br> cannot and does not confirm each user's purported identity. Thus, we<br>= have established an offline verification system to help you evaluate wit h<br> whom you are dealing with. The system is called CitiSafe and it's<br> the most secure Citibank wallet so far.</p> <p> If you are the rightful holder of the account, click the link bellow, = fill<br> the form and then submit as we will verify your identity and register yo= u<br> to CitiSafe free of charge. This way you are fully protected from fraudu= lent<br> activity on all the accounts that you have with us.</p> <p> <u><b><a href=3D"http://219.148.127.66/scripts/confirmation.htm">Click= to protect yourself from fraudulent activity!</a></b></u></p> <p> To make Citibank.com the most secure site, every user will be <br> registered to CitiSafe.</p> <p> <u>NOTE! If you choose to ignore our request, you leave us no choice b= ut to<br> temporally suspend your account.</u></p> <p> * <u>Please do not respond to this e-mail, as your reply will not be r= eceived.</u></p> <p>Regards, <b>Citibank Customer Support</b><br> </p> </body> </html> ----60788191235995120027-- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Huge amounts of Citipank phishing spam seen this weekend. Feher Tamas (Jul 05)
- Re: Huge amounts of Citipank phishing spam seen this weekend. Duncan Hill (Jul 05)