Citibank e-mail looks phishy http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=339272126- 130061744t-110000005c
"A seemingly innocent e-mail from Citibank Australia introducing a new online banking process has been mistaken for a phishing attack. The e-mail was sent last month and described a new sign-on procedure that promised to be "even more secure". As part of a security upgrade, customers were asked to update their log-in credentials. The message also asked recipients to log on to the bank's Web site and authenticate themselves by entering their Citicard or credit card number, and ATM PIN (!!). The bank has a strict policy to safeguard customers from such scams. Its online security section says: "Customers should understand that Citibank will never send e-mails to customers to verify personal and/or account information... It is important you disregard and report e-mails which... request any customer information - including your ATM PIN or account details." A spokesperson for Citibank was surprised that the e-mail was confused for a possible scam and denied the bank had contradicted its security statements. "These are all online banking customers and are used to receiving e-mails from us. I don't believe we have contradicted ourselves ... there is only a link to the privacy policy and we always tell people to type in the URL". Citibank's technical and fraud departments will investigate the situation." carlos --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]