« Cat Season | Main | New and Improved : Super Shuffle? »
March 11, 2005
Scam of the Day : Citibank Phishing
So I woke up this morning with 3 emails in my bank from "CitiBank" with a "Security Update". At first I was concerned because I thought maybe somebody has started using my credit card. But then I got even more concerned as I realized I don't have a citibank credit card. Whats even more puzzling is that it also sent emails to writers_AT_bryantchoung.com.
Turns out this is a phishing scam, and I was impressed by the way Gmail handled this.
Phishing for those of you who aren't down with the lingo is an attempt to use devious technology to try and get personal information. This includes credit card numbers, social, drivers license etc.
Click on the smaller Screenshots for a larger view.
First Gmail's filters must have thought this might be a possible phishing attempt because the top of the email had a header inserted: Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.
Next Gmail stripped out all the Links in the email. This prevents the type of attack they were attempting. They were attempting to make a link that looked like it was going to Citibanks site instead of a DSL Modem in Turkey.
Curious to see what this phishing site looked like, I decided to look at the source of the email to get to the site. I traced the IP Address to a DSL modem in Turkey. This may or may not be true.
Upon Entry to the phishing site, the page looks real, Except for the ridiculous amount of personal information it has you include. Also people who are at all concerned would probably be worried about submitting a form like this not over a secure connection.
So after having my fun with the form, I clicked on the link in the original email that Gmail had to report this as a phishing attempt.
We'll see how long this website stays up.
For those of you who are interested here is the URL:
http://81.215.116.179/citibank/index.htm
WARNING DO NOT ENTER IN REAL INFORMATION. As far as I know this is either being sent to some teenager or al Qaeda.
Posted by Bryant at March 11, 2005 09:43 AM