[vox-tech] one of the most pernicious spams i've ever seen.

Donald Childs vox-tech@lists.lugod.org
Thu, 25 Sep 2003 12:09:20 -0700


Has this been submitted to Citibank or the
Sacramento Valley Hi-Tech Crimes Task Force (
http://www.sachitechcops.org/ )?

-Donald

> -----Original Message-----
> From: vox-tech-admin@lists.lugod.org
> [mailto:vox-tech-admin@lists.lugod.org]On Behalf Of p@dirac.org
> Sent: Thursday, September 25, 2003 6:31 AM
> To: vox-tech@lists.lugod.org
> Subject: [vox-tech] one of the most pernicious spams i've ever seen.
>
>
> hi all,
>
> rhonda received this email last night.
>
> when you feed a browser the given url, the citibank page comes up.  but
> you also get a small page with a form that asks for your bank account
> number and PIN.
>
> i had to do a double take.  we DO have a citibank account via an
> investment account we have.
>
> on one hand, a bank *NEVER* asks you for your PIN.  even in person when
> you're at the bank.  So they certainly wouldn't ask you for a PIN over
> the net.
>
> they also slip up and go between "citibank" and "citybank".
>
> they also misspell "becaurse".
>
> the email is misformatted and not sent from a citibank.com address.
> they didn't even try to add bogus headers.  it just doesn't look real.
> the whole thing is amateurish.
>
>
> but the URL is what made me do a double take.  i've never seen that
> before.  they somehow managed to get a "www.citibank.com" url, tack on
> some weird characters, and obviously put up some kind of page that
> piggybacks(?) on citibank.com.  it's a nice effect.  i'm absolutely
> certain this will fool some non-savvy people.
>
>
> my question is -- how is this done?  how does this URL:
>
> http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/?IYTEw4eVTtbH1w6CpDrT
>
> bring up citibank.com's webpage and then another page with the
> account/PIN grabber?  i've never seen anything like this before.
>
> pete
>
>
>
>
> --- Verify <verify@citybank.com> wrote:
> > X-Apparently-To: bakey17@yahoo.com via
> > 216.136.173.101; Wed, 24 Sep 2003 17:09:51 -0700
> > X-YahooFilteredBulk: 68.81.128.134
> > Return-Path: <verify@citybank.com>
> > Received: from 68.81.128.134  (HELO
> > pcp01335001pcs.fairmt01.pa.comcast.net)
> > (68.81.128.134)
> >   by mta109.mail.sc5.yahoo.com with SMTP; Wed, 24
> > Sep 2003 17:09:50 -0700
> > Received: from three.serpentine.com [129.134.135.20]
> > by pcp01335001pcs.fairmt01.pa.comcast.net (Postfix)
> > with ESMTP id D97F786D2469 for <BAKEY17@yahoo.com>;
> > Thu, 25 Sep 2003 08:09:43 +0000
> > Date: Thu, 25 Sep 2003 08:09:43 +0000
> > From: Verify <verify@citybank.com>
> > Subject: Citibank E-mail Verification
> > To: BAKEY17 <BAKEY17@yahoo.com>
> > References: <C2EDD9D1D2681C01@yahoo.com>
> > In-Reply-To: <C2EDD9D1D2681C01@yahoo.com>
> > Message-ID: <0DA7C1F2E164BF57@citybank.com>
> > Reply-to: Verify <verify@citybank.com>
> > Sender: Verify <verify@citybank.com>
> > MIME-Version: 1.0
> > Content-Type: text/plain
> > Content-Transfer-Encoding: 8bit
> > Content-Length: 926
> >
> > Dear Citibank Member,
> >
> > This email was sent by the Citibank server to verify
> > your e-mail address. You must
> > complete this process by clicking on the link below
> > and entering in the small window
> > your Citibank ATM/Debit Card number and PIN that you
> > use on ATM.
> > This is done for your protection --- becaurse some
> > of our members no longer have access
> > to their email addresses and we must verify it.
> >
> > To verify your e-mail address and access your
> > account,
> > click on the link below. If nothing happens when you
> > click on the
> > link (or if you use AOL), copy and paste the link
> > into the address bar of
> > your web browser.
> >
> >
> >
> http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/?IYTEw4eVTtbH1w6CpDrT
>
>
> ---------------------------------------------
>          Thank you for using Citibank!
> ---------------------------------------------
>
> This automatic email sent to: BAKEY17@yahoo.com
> Do not reply to this email.

----- End forwarded message -----

--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
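
On the URL pete asks about: in URL syntax everything before the last "@" in the authority is the userinfo (user:password) field, so the host that is contacted is a3ksd.PiSeM.NeT and "www.citibank.com" is only a username. The following is an added example, not part of the original thread, that flags links of this shape in a mail body; the function names and the constructed sample body are assumptions, and it also covers percent-encoded userinfo, which goes beyond the case in the message.

```python
import re
from urllib.parse import urlsplit, unquote

# Text that looks like a DNS name, used to spot a hostname parked in userinfo.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# The URL from the message above, rejoined onto one line.
THREAD_URL = ("http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ"
              "@a3ksd.PiSeM.NeT/3/?IYTEw4eVTtbH1w6CpDrT")

# Constructed mail body for the demonstration (not the original mail).
SAMPLE_BODY = f"""To verify your e-mail address, click on the link below.
{THREAD_URL}
Our real site is http://www.citibank.com/ as always.
"""

def inspect_url(url):
    """Split a URL into the host that is contacted and any decoy in userinfo."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Everything before the last "@" in the authority is userinfo, not host.
    user = unquote(parts.username or "")
    decoy = user.lower() if HOSTLIKE.match(user) and user.lower() != host else None
    return {
        "connects_to": host,
        "userinfo_present": "@" in parts.netloc,
        "decoy_host": decoy,
    }

def flag_deceptive_links(body):
    """Return (url, finding) for every link whose userinfo mimics a hostname."""
    hits = []
    for url in URL_RE.findall(body):
        finding = inspect_url(url)
        if finding["decoy_host"]:
            hits.append((url, finding))
    return hits

if __name__ == "__main__":
    for url, finding in flag_deceptive_links(SAMPLE_BODY):
        print(f"{url}\n  shown as: {finding['decoy_host']}"
              f"\n  connects to: {finding['connects_to']}")
```

A legitimate login such as `ftp://anonymous:guest@ftp.example.org/` has userinfo but is not flagged, because its username does not look like a hostname.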