CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
image Beware!: ALERT: ''CitiBank'' Card Security ALERT image
Identity Theft
Anonymous writes "AACUG security advocacy group has detected a new internet
scam wherein perpetrator is fraudulently hijacking the
identity of Citibank to gain access to Citibank charge card
holders accounts.
(Within the past 12 hours: 6:46 am EST 12/27/2003/)

BEWARE:

The email is addressed from: accounts@citibank.com
(or derivatives thereof)

It may include an Authentication-Warning

The email reads:

> Dear Citibank Member,
> This email was sent by the Citibank server to
> verify your E-mail address. You must complete
> this process by clicking on the link below and
> entering in the small window your Citibank
> ATM/Debit Card number and PIN that you use on ATM.

ALERT:
------

The perpetrator is using several domains as receptacles
for the online form results, primarily:

> http://www.bolimahuia.addr.com/

email recipients using 'html' mail will NOT see this
domain, however will see a forged domain at:

> https://web.da-us.citibank.com/

leading them to believe it is a secure domain.

The perpetrator is linked by the national Whois directory
as:

> AfterGen, Inc (ADDR8-DOM)
> 1608 W. Campbell Ave
> Suite 368
> Campbell, CA 95008, US
> Administrative Contact: Bourov, Anthony
> ab@bourov.com

ACTION:
------

If you receive any email masquerading as Citibank or, any other
charge card bank -- and requesting your ID, account number, PIN,
or other sensitive information,

DO NOT REPLY. Repeat: DO NOT REPLY.

If you are a Citibank card holder, and have inadvertently replied
to such an email, or you know someone how has, you are urged to
call 1-800-374-9700 immediately.

REPORT IMMEDIATELY:
------------------

Citibank:
https://www.citibank.com/us/cbna/email_abuse/new/form.htm

Office of Inspector General: (OIG)
http://www.ssa.gov/oig/public_fraud_reporting/index.htm

Federal Trade Commission (FTC)
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03

Federal Bureau of Investigation (FBI)
https://tips.fbi.gov/

BEST COURSE OF ACTION:
---------------------

Contact your state's Attorney General. Full contact information
for every Attorney General can be found on the National
Association of Attorneys General (202-326-6000)
Master List Of Attorneys General:
* http://www.naag.org/ag/full_ag_table.php

INCLUDING WHOIS INFORMATION IN YOUR COMPLAINT:
---------------------------------------------
If you wish to be armed with the Whois information pretaining to
computer fraud, online scams, and potential attempted crimes,
copy the root domain of the link advertised in the email (Must:
turn off html, or reveal headers in your email program) and
paste it into the domain field at the Whois sites below.

The root domain is the name immediately before the web address
extension -- not including any preceding words before a dot:
http://www.THIS.com/ (this.com, this.net, this.org, this.biz, etc.)
http://www.sales.this.com/ (this.com -- NOT: sales.this.com)
http://www.qicsuble@www.this.com/ (this.com, ignore @ and www.)

GeekTools Whois:
http://www.geektools.com/whois.php
(You will be required to decipher a numeric code for security)

Global Whois:
http://www.ratite.com/whois/

BEWARE FALSIFIED WHOIS DATA
---------------------------
Most spamers and other online criminals evade detection by
forging the information or using stolen identities in the Whois
registry. While this is strictly illegal, and against ICANN/Whois
regulations for registrars, it is almost never enforced. In fact,
many spammers and organized cyber crime syndicates actually own
their registrar or are their own registrar. So, the Whois information
you supply to authorities may not be the actual criminal perpetrator.
The Whois information will also disclose who the registrar of record
is for further investigation. The registrar will not be forged.

---------------------------
This has been an AACUG Online Security Alert from the Advocacy Group
at the Association of Apple Computer Users & Groups
http://www.aacug.org/safenet/

"
Posted on Saturday, 27 December 2003 @ 11:25:35 UTC by phoenix22 (3087 reads)
[ Trackback ]		image

"Beware!: ALERT: ''CitiBank'' Card Security ALERT" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· PHP HomePage
· HotScripts
· Apple
· W3 Consortium
· HTML Standard
· Spam Cop
· More about Identity Theft
· News by phoenix22

Most read story about Identity Theft:
Kinko's spy case highlights risks of public Internet Terminals
block bottom
Article Rating
spacer
Average Score: 3.33
Votes: 3


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
81ppm 0.154s (0.006s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer