Citibank Email Fraud

A few minutes ago I got a brand new version of a Citibank fraud in my inbox... The subject line says "Important Fraud Alert from Citibank", and I actually almost clicked on that thing before I came to my senses... a quick check revealed that this mail came from a prodigy email address, so it's for sure not the real thing.

The email comes in full citibank colors and warns the reader that due to fraud...blah, blah, blah... you should reconfirm your account information. With a nice friendly link to click on.

The link address is not very well hidden and sends the browser off to a login page at http://211.239.150.170, which is urbanus.co.kr and seems to be a valid Korean online magazine - I'm wondering if they know what they are hosting...

The login page at http://211.239.150.170/login/login.htm looks exactly like citibank's homepage - everything, even the tracking pixels in the page are from the original citibank site. The only change is the login form which asks for yor ATM card info and will forward all your information to a PHP script hosted on the same server (urbanus.co.kr).

The script at http://211.239.150.170/login/form.php will probably save your citibank login in a database and a fake error message is displayed which then redirects you to the real citibank site.

This fraud email was done a lot more professionally than the last few I've dissected... it worries me that a lot of people will not be able to discern this stuff from valid emails. I wish I could think of a way to stop this kind of stuff, but I guess for now we can only try and warn all the people out there and hope that nobody falls for these scams.

Update 01/12/04:The fake pages have disappeared from the Korean website - I guess citibank must have sent them one unhappy email...