Results 1 to 2 of 2
  1. #1
    Member
    Join Date
    January 18th, 2005
    Location
    Orlando, FL
    Posts
    122
    I received a "phishing" scam email today that was so good that I need to let people know about this immediately. I generally do not send out emails about stuff, but since this one was so well crafted, I felt I needed to let everyone know. In fact, I have notified Citibank's fraud program about this latest email so that they could investigate it further.

    The email came from a spoofed email address as powersafe@citibank.com. The subject was Account Alert!. The email suggests that somebody has been trying to access my account from a foreign IP address. Gotcha. I don' thave a Citibank account. Knowing that this was definitely a scam, I clicked the link and saw a site that looked exactly like Citibank's. No big surprise here as that is easy enough to do.

    Here was the kicker. The url was a Citibank url. Stunned to see this, I investigated further. It seems that the scammers were off by one pixel, but had launched a javascript window and placed it just over the address bar of the main window to make it seem as if the url was truly a CitiBank url. Had I not obviously known this was a fraud, I might have trusted it. Although, I am a complete skeptic here, so in those cases, I always call the operator and track it that way, but I am sure this was a very successful campaign for regular folks.

    The actual url that it takes you to is: http://www.citibank.go.ro/cgi-bin/ci...counts.jsp?M=S

    The scam form goes to http://www.thesullies.com/temp/accounts.php

    If you go to thesullies.com you see that Kevin O'Sullivan was kind enough to place a photo blog on that site.

    Registrant:
    Mr Kevin O'Sullivan
    Flat 3, 28 Medina Villas
    Hove
    East Sussex
    BN3 2RN
    UK

    Domain Name: THESULLIES.COM

    Administrative Contact, Billing Contact, Technical Contact, Agent:
    "Mr 34SP.com Hostmaster" <hostmaster@34SP.com>
    Phone: +44 906 216 1940
    Fax:

    Record last updated on 2004-03-25.
    Record expires on 2006-03-23.
    Record created on 2003-03-23.

    Domain servers in listed order:

    NS.34SP.COM 212.187.158.3
    NS2.34SP.COM 212.100.224.247

    I am sure that Citibank will be all over this guy in a few minutes....Just thought I would save you guys some headaches.
    Chris Mayr
    When amassed, even dust can become a mountain.

    There is a finite amount of intelligence but an infinite amount of stupidity in the universe

  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,350
    Thank you for your informative post. I received the email too. I do have a citibank account, but i never respond to email alerts.

    EXCEPT once a few months ago a similiar email did get me. I had to cancel ALL my credit cards and get new accounts, as well as change my online banking info. Because I did this IMMEDIATELY after I realized how stupid I was, which was about 10 seconds after I gave out account info, nothing bad seems to have happend, and my identity seems safe, credit report etc.

    But beware, these guys are getting better every day.

    Lily

  3. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Read about Anwar Khan Auctions on Scam.com
    By belasuz in forum Midnight Cafe'
    Replies: 11
    Last Post: June 15th, 2007, 09:57 AM
  2. BUG Alert... please read!
    By Haiko de Poel, Jr. in forum Midnight Cafe'
    Replies: 1
    Last Post: August 28th, 2002, 10:40 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •