hi all, rhonda received this email last night.

when you feed a browser the given url, the citibank page comes up. but you also get a small page with a form that asks for your bank account number and PIN. i had to do a double take. we DO have a citibank account via an investment account we have.

on one hand, a bank *NEVER* asks you for your PIN. even in person when you're at the bank. So they certainly wouldn't ask you for a PIN over the net. they also slip up and go between "citibank" and "citybank". they also misspell "becaurse". the email is misformatted and not sent from a citibank.com address. they didn't even try to add bogus headers. it just doesn't look real. the whole thing is amateurish.

but the URL is what made me do a double take. i've never seen that before. they somehow managed to get a "www.citibank.com" url, tack on some weird characters, and obviously put up some kind of page that piggybacks(?) on citibank.com. it's a nice effect. i'm absolutely certain this will fool some non-savvy people.

my question is -- how is this done? how does this URL:

http://www.citibank.com:[EMAIL PROTECTED]/3/?IYTEw4eVTtbH1w6CpDrT

bring up citibank.com's webpage and then another page with the account/PIN grabber? i've never seen anything like this before.
pete

--- Verify <[EMAIL PROTECTED]> wrote:
> X-Apparently-To: [EMAIL PROTECTED] via
> 216.136.173.101; Wed, 24 Sep 2003 17:09:51 -0700
> X-YahooFilteredBulk: 68.81.128.134
> Return-Path: <[EMAIL PROTECTED]>
> Received: from 68.81.128.134 (HELO
> pcp01335001pcs.fairmt01.pa.comcast.net)
> (68.81.128.134)
> by mta109.mail.sc5.yahoo.com with SMTP; Wed, 24
> Sep 2003 17:09:50 -0700
> Received: from three.serpentine.com [129.134.135.20]
> by pcp01335001pcs.fairmt01.pa.comcast.net (Postfix)
> with ESMTP id D97F786D2469 for <[EMAIL PROTECTED]>;
> Thu, 25 Sep 2003 08:09:43 +0000
> Date: Thu, 25 Sep 2003 08:09:43 +0000
> From: Verify <[EMAIL PROTECTED]>
> Subject: Citibank E-mail Verification
> To: BAKEY17 <[EMAIL PROTECTED]>
> References: <[EMAIL PROTECTED]>
> In-Reply-To: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Reply-to: Verify <[EMAIL PROTECTED]>
> Sender: Verify <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 8bit
> Content-Length: 926
>
> Dear Citibank Member,
>
> This email was sent by the Citibank server to verify
> your e-mail address. You must
> complete this process by clicking on the link below
> and entering in the small window
> your Citibank ATM/Debit Card number and PIN that you
> use on ATM.
> This is done for your protection --- becaurse some
> of our members no longer have access
> to their email addresses and we must verify it.
>
> To verify your e-mail address and access your
> account,
> click on the link below. If nothing happens when you
> click on the
> link (or if you use AOL), copy and paste the link
> into the address bar of
> your web browser.
>
>
> http://www.citibank.com:[EMAIL PROTECTED]/3/?IYTEw4eVTtbH1w6CpDrT
>
>
> ---------------------------------------------
> Thank you for using Citibank!
> ---------------------------------------------
>
> This automatic email sent to: [EMAIL PROTECTED]
> Do not reply to this email.
----- End forwarded message -----

--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
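
Added example, not part of the original post: in a URL shaped like the one in the message, everything between `http://` and the last `@` of the authority is userinfo (a username and password), and the browser connects to the host after the `@`. This Python sketch scans a mail body and flags links whose userinfo is shaped like a hostname. It assumes the part the archive scrubbed as [EMAIL PROTECTED] contained an `@`; the sample URL, its 192.0.2.7 host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Userinfo shaped like a DNS name, e.g. "www.citibank.com"
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

def inspect_url(url):
    """Report the name a reader sees first and the host actually contacted."""
    parts = urlsplit(url)
    findings = []
    shown = ""
    # Only an '@' inside the authority counts; one in the path or query is harmless.
    if "@" in parts.netloc:
        findings.append("userinfo-present")
        shown = unquote(parts.username or "")
        if HOSTLIKE.match(shown):
            findings.append("userinfo-looks-like-host")
    return {"shown": shown, "real_host": parts.hostname or "", "findings": findings}

def scan_message(body):
    """Return (url, info) for every http(s) link in the body that has findings."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)>")  # drop trailing sentence punctuation
        info = inspect_url(url)
        if info["findings"]:
            hits.append((url, info))
    return hits

# Constructed sample body: one link with hostname-shaped userinfo, one benign
# link that merely carries an e-mail address in its query string.
SAMPLE_BODY = """\
click on the link below.
http://www.citibank.com:ac=CONSTRUCTED@192.0.2.7/3/?token
Questions? See http://www.example.org/contact?to=help@example.org.
"""

if __name__ == "__main__":
    for url, info in scan_message(SAMPLE_BODY):
        print(url, "->", info["real_host"], info["findings"])
```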
