And some may yet take the bait.
I got an email this morning in my Yahoo! account from 'Citicorp'. I've heard about emails where they masquerade as valid businesses, give you a link to click to which leads to a site that looks legitimate. This one is impeccable. The logos, branding, language and layout could fool any Citibank customer.
[Click on image to view full site image.]
Under the pretenses of security and housekeeping, the email, entitled "Important Information from Citibank Billing Department", asks you to go to a site to verify your account details. The site itself has a form that asks for your ATM/Debit Card number (CIN) and PIN number. It's even got real error-handling - it checks that your input for the debit card number is at least 14 digits long. After signing on, it leads you to a page that asks you for your credit card details, like expiry date and your card verification number.
Most of us rational thinking people may not fall for this scam. We would definitely wonder how the bank got hold of our Yahoo! email address, or why they would choose to do business with us via this method. We would question why a bank needs us to verify information that they should know better, because all the information requested by the email/site is required for us to do any transaction with the bank.
But like those Nigerian scams, someone will fall for this. Maybe even someone who transacted at a merchant I frequent. And the bank, being rightly paranoid, will probably end up blocking the whole range of card numbers, including mine, once they find out that security has been compromised. Sigh... here we go again!
Related Article: Virus Writers Getting Greedy
Posted by Najah Nasseri at 2003年11月27日 09:22 | TrackBackdinesh's posting got me worried one day.
http://www.alphaque.com/article.php?sid=388
Posted by: Wena at 2003年11月27日 09:48My Yahoo mailbox AND my office mail have been inundated with those Nigerian scam messages! Laughable at first, these "pleas for help" to transfer millions of dollars are now downright annoying.
Thx for warning about the bank.
Posted by: Zsarina at 2003年11月27日 11:31Najah, I think the computer you are using computer got hit by a virus or something. I got a spam mail addressed to you in my yahoo inbox...
maybe bots scanned your address book or something...?
Kaz: err.. I don't really use my addressbook, either way, you're not in it. Which email account did it come from?
Posted by: Najah at 2003年11月27日 13:30Hmmm... odd. I don't think it's a virus because Yahoo has no client (plus I don't use pop3 to retrieve my emails), more email address spoofing.
Posted by: Najah at 2003年11月28日 00:19got the same email, asking me to verify my pin number ke email ke ape ntah...almost fooled, but come to think of it.... I dont even have a citibank account!
Posted by: Lolyta at 2003年11月28日 20:47Banks in general would never ask customers to supply their account PIN numbers or passwords using email. Nor should anyone give out his or her account number via email, not even to a mother who's going to transfer money to that account.
Posted by: Shryh at 2003年11月29日 12:33