Sunday, October 10, 2004


I received a fraudulent email today. This was one of the better ones I've seen, but the grammar was still bad. The sender claimed to be from Citibank. They sent me a link in an email and asked me to enter my Citibank Visa/ATM card number and PIN into the popup that appeared at the Web site. You can read the subject line and message text of the email I received at the end of this post.

Of course, I didn't do it. Instead, I went to the Cititbank Web site and reported it. And, I went to the FBI Web site and reported it to them, too.

The FBI responded quickly and with some really good tips that I'm going to share with you, now:

The FBI offers the following tips for Internet users:
* If you encounter an unsolicited e-mail thatasks you, either directly, or through a website,for personal financial or identity information,such as Social Security number, passwords, orother identifiers, exercise extreme caution.

* If you need to update your information online,use the normal process you’ve used before, or opena new browser window and type in the websiteaddress of the legitimate company’s account maintenance page.

* If a website is unfamiliar, it’s probably notreal. Only use the address that you have usedbefore, or start at your normal homepage.

* Always report fraudulent or suspicious e-mailto your Internet Service Provider. Reportinginstances of spoof websites will help get thesebogus websites shut down before they can do anymore harm.

* Most companies require you to log in to asecure site. Look for the lock at the bottom ofyour browser and “https” in front of the website address.

* Take note of the header address on thewebsite. Most legitimate sites will have arelatively short Internet address that usuallydepicts the business name followed by “.com” orpossibly “.org”. Spoof sites are more likely tohave an excessively long string of characters inthe header, with the legitimate business namesomewhere in the string, or possibly not at all.

* If you have any doubts about an e-mail orwebsite, contact the legitimate company directly. Make a copy of the questionable web site’s URLaddress, send it to the legitimate business andask if the request is legitimate.

* If you’ve been victimized by a spoofed e-mailor website, you should contact your local police or sheriff’s department, and file a complaint with the FBI’s Internet Fraud Complaint Center at

Citibank e-mail verification - lionflo

Dear ­Citibank Me­mber,

Th­is ­ema­i­l­ ­was­ sent ­by th­e Citibank ­se­r­ver ­to ve­ri­fy your e-m­a­il­ ­ad­dre­s­s. You must comp­lete this process by cl­i­cking ­on the­ l­i­nk b­e­l­o­w and e­nteri­ng­ in the s­mall­ win­dow yo­ur Citi­ba­nk ATM/Debi­t Card number­ a­nd PIN­ t­ha­t­ y­o­u use on­ ­AT­M­. This is d­on­e­ for your p­rotection ­
becau­se some ­of ­our m­emb­e­rs no­ l­onger ­h­ave­ acc­es­s t­o their e­mail­ addr­e­sses and­ we m­ust verify­ i­t. To verify your ­e-mai­l addr­ess and a­cces­s you­r ban­k a­cco­u­nt, click­ ­on th­e lin­k below:

(link removed)