Do not click on any link in any email masquerading as any financial institution! Instead, if you receive an email from your bank (or PayPal or eBay), manually go to your browser, open up their Web site to login and then manually browse to whatever new feature they want you to look at. Reputable institutions will never direct you to a page that asks you to re-enter any personal information.
Yet another financial scam is making its rounds. Email is being allegedly sent out from Citibank saying that there is a new terms and conditions available on the site and you need to go to their Web site to look at it. It looks official enough but what clued me into the scam is the incorrect
Reply-To: email addresses, as well as the weird .co.uk SMTP servers it passed through. On top of that, the URL you click on uses a form of URL encoding to fake where it’s coming from. Oh, and did I mention that I don’t have a Citibank card account attached to the email address it was sent to?
Take a look at it:
http://www.citibank.com:ac%398HAAA9UWDTY AZJWVWAAAA9pYWwgc2l6ZT00PjxTVgc2l6ZT00Pj xT3Aac%398HAAA9UWDTYAZJWVWAAAA9pYWwgc2l6 [email protected]/cg i-bin/[email protected]
In this case, you are actually connecting to
18.104.22.168 and giving them your email address to verify that your email address is active. So, this scam works twofold. First, they get your email address as valid so they can send you more spam. Second, they get basic information about your credit and/or debit card so they can attempt financial transfers in your name.
So, just watch out…it’s not paranoia if they really are out to get you!