13 April 2004

Phishing scam targets Citibank customers

By Online Staff
smh.com.au

A phishing scam targeting Citibank is circulating by email, attempting to lure users to a domain which was registered just a day ago. The scam will work only if one is using Internet Explorer; browsers which have a Netscape heritage will not display the site.

The scam is similar to the numerous ones that arrive in inboxes around Australia every day, with one difference - it contains elaborate advice about scams, apparently in an attempt to convince people that it is the genuine article.

The normal bit of social engineering is used: 'As a part of our ongoing commitment to provide the 'Best Possible' service to all our Members, we are now requiring each Member to validate their accounts once per month.'

A link is provided for this 'validation' and clicking on it takes one to appleo.biz. The domain was registered on April 12.

The email itself apparently comes from someone who is a regular in the business - some of the images used in the email are ones which are on the genuine Westpac site and the person who has created the email has confidently linked to them!

Though there are a few cases of incorrect capitalisation here and there, the real carelessness shows through only at the end of the email - a link to apparently allow the user to learn how to protect his or her PC from viruses actually brings up a page from the Westpac site. What would such a link be doing in an email supposedly from Citibank?
