Shady Lane

Retailers, Manufacturers, ePay, AudiogoN, Paypal or whatever. Buying and selling advice.

Return to Shady Lane


Message Sort: Post Order or Asylum Reverse Threaded

Citibank scam

68.115.204.170

Posted on October 22, 2004 at 14:04:15
DAT


 
With whom I have my mortage. They have the logos and everything looking legit, but was addressed: Dear Citibank customer. Called the real Citibank and they've had enough problem that it's been added to their automated menu.

To paraphrase SouthPark: "You Nigerians are messing up my shittybank".

 

Hide full thread outline!
    ...
It's called "phishing" and WARNINGS AND TIPS, posted on October 28, 2004 at 19:21:52
TA
Audiophile

Posts: 1736
Joined: February 2, 2002
I get at least a handful of "phishing" e-mails every week. Seeing a few posts on this board already about "phishing" e-mails, I hope people come to learn that it's a widespread problem and comes in many flavors, whether Verizon, Citibank, eBay, Paypal or whatever.

Some tips to pass around for the good folks on the Asylum --

The first thing I do when I get an e-mail about some online account I hold is check where the e-mail comes from. You'll often notice that it's not an @citibank.com or @ebay.com account. And the website you are supposed to go to doesn't start with www.citibank.com/... or www.ebay.com/... It might be something like randomname.ebay.com/... Clearly not originating from the source it claims to be.

BUT ... people can disguise e-mails to look like they're coming from one place when they don't. Also, many companies use third-party vendors to do customer surveys, etc., so those e-mails, while legitimate, don't match the domains of their clients. So this isn't failproof.

Second, I check whether the e-mail has some personal information that clues me in to the fact that it's coming from someplace that would have my information, instead of a fishing expedition. Paypal, for example, always sends e-mails with your name in the "Dear [Name]" line, not something generic "Dear customer". (See linked post below.)

BUT ... if your email address is something like john.oe@company.com or is identified as "John Doe (bugman@hotmail.com)", phishers could use just your e-mail address to make it look like they're already familiar with you. So this isn't failproof either.

Whenever I get an e-mail that I think may be legitimate and require some action on my part (e.g., a notice that my credit card for the account is about to expire and needs to be updated), I either call the company through a number I know is legitimate or I go to that company's website in a fresh window and access my account from there. I've been almost fooled to click on the link in the phishing e-mail because I think, that's a shortcut to getting to the company's website. So don't do that!

Eventually, this should become as automatic to all of us as not opening .exe attachments in any e-mail (viruses).

"HO, HO, HO!" - Santa Claus

 

Page processed in 0.014 seconds.