New scary email scam goes after your banking info
The scam pretends to be Citibank replete with an authentic-looking website, according to cybersecurity news site BleepingComputer, which credits MalwareHunterTeam as the organization that discovered the scam.
The scam also uses a so-called Transport Layer Security (TLS) certificate and other security measures that “could easily cause people to believe they are submitting their personal information on a legitimate page,” according to BleepingComputer.
Security certificates lend additional credibility to the scam because they imply authenticity.
Here’s how the scam works: after a Citibank customer is fooled into entering their login information, they are shown forms that request personal information. That includes name, date of birth, address, the last four digits of their social security number, their debit card number and other card information that is typically requested like security codes, according to BleepingComputer.
“The tool is very easy to set up for any attack and that’s what makes it quite dangerous,” Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News. Often the bad guys will set up a typosquatted domain, such as www.yahooo.com, with an extra “o.” The customer then gets an email inviting them to the site. If the user falls for the bait, all requests to the phishing site can be sent back to the valid site.
(Editor's note: The above web address is for informational purposes only. Fox News strongly advises users not to click on it.)
“Additionally, all pages shown to the user can originate from the valid site. This tricks the user into entering both their primary and OTP [one-time password] credentials. Once done, the attacker can then hijack the session, getting access to the user’s info,” Savla said, referring to a one-time code sent to a cell phone for verification.
The unfortunate fact is many users are so distracted that it makes scams like this that much easier to pull off.
“Many users access their email and bank accounts on mobile devices, while multi-tasking (unfortunately for example, while driving), and this makes it harder to spot phishing sites,” Colin Bastable, CEO of security awareness & training company Lucy Security, told Fox News.
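The typosquatted domain the article describes (one extra letter in a familiar name) is something a mail filter can check for mechanically. The following is an added example, not part of the article or the original post; the trusted-domain list, the sample message, the function names and the two-label domain shortcut are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this mailbox owner really uses (constructed list).
TRUSTED = ("amazon.com", "apple.com", "citi.com", "yahoo.com")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    # Simplification: treat the last two labels as the registered domain.
    # A real filter would consult the Public Suffix List (e.g. for .co.uk).
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    nearest = min(TRUSTED, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= 2:
        return "lookalike:" + nearest
    return "unknown"  # not on the allowlist; a valid TLS certificate changes nothing

def check_links(message):
    """Classify the host of every http(s) link found in a message body."""
    hosts = [urlsplit(u).hostname or ""
             for u in re.findall(r"https?://[^\s\"'<>]+", message)]
    return [(h, classify(h)) for h in hosts]

# Constructed sample message; the first host is the typosquat the article names.
SAMPLE = """Your account needs verification: https://www.yahooo.com/login
Your statement is ready: https://mail.yahoo.com/inbox
Package update: http://parcel-update.example/t?id=1
"""

if __name__ == "__main__":
    for host, verdict in check_links(SAMPLE):
        print(f"{host:28} {verdict}")
```
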
I have received emails from Citi Bank this week asking me to submit my information to verify an issue with my account. I have logged onto the real Citi Bank to find out there are no issues at all. Beware of any financial institution asking for you to log in with user name and password.
I haven't gotten any from my bank but I do always get an Apple receipt email saying I've bought something and I haven't. I went to my Apple store to check and there's nothing in there. I still changed my password just in case. But I do see how it could get people.
I've had the same issue as Mikayla. Also Apple claiming that my account has been locked so they would like me to use their link to confirm my security information. Amazon is another big one. It is always a good idea to go to the website and log in vs using the link sent to your email.
This is like telemarketing but in digital form and the fake Amazon scam happened to my mom too.
This is so real, and security that is set in place like extra 2 steps provides consumers with some sense of safety, but it appears that even with those measures it's not stopping hackers. I've personally had issues with security, and now am more aware of ways to keep my accounts safer. I don't have my personal email on my phone, and I don't keep myself logged in on my PCs either. Once I use my account, I log off. There are a lot of people out there that want and can do harm, and most people aren't even aware of the potential devastation this can cause.
It's scary how scammers can make replica websites that are not real, it's so important for people to become aware of this and check in with others.
@carliecannestroiectskin-com I agree, that it is like advanced telemarketing.
@deborah It's sad to see that scammers are working overtime to get people's hard earned money or access to their personal information. They are getting worse every day not only with emails from banks but also with text messages that look legitimate. I've become so skeptical in the past few years that whenever I see a message from my bank, I just call to confirm it's them.
@sydneyhurdleiectskin-com The telemarketing is intense. I used to receive 10-20 calls a day from telemarketers for a while. It caused me great anxiety because I didn't know which calls were actual important calls and which were just telemarketers, so I just stopped answering and started blocking numbers.
@carliecannestroiectskin-com Yes, there are all types of scams now and it's only getting worse, especially with AI taking off. Technological scams are advancing more and more. Now they can hack into your phone and even message people you interact with often to ask to "borrow" money. Last year, my brother's WhatsApp and Facebook accounts were hacked. They contacted a lot of family members and unfortunately 2 of them were scammed out of $500 each.
Sometimes I get text messages saying that my tracking info for a package is incorrect and to click the link, and if you click the link they then automatically gain access to all your data you may have stored. Same thing can happen on social media, commonly on Facebook. A hacker will send you a link from the page of somebody you trust and since you trust them you click it and then that hacker has any info you may have stored on the website.
It's smart to just call your bank just in case, many people don't do that and just trust it since it does look so legit. Many senior citizens are specifically targeted unfortunately.
Most people don't question an email when it looks like it has been sent from a big corporation especially. These scams unfortunately affect a great deal of all internet users.
My initial feeling with some emails is no way. Many times, I look at the email (I never open a link) and there will be spelling errors. That is a 100% red flag. Also, look at the sender name, and see the email address. It is usually something very off. Sad it has come to this.
@olgacoloniectskin-com I receive many calls as well. Daily! This isn't a scam, but the Red Cross calls me nearly every day because of my blood type! It is hard to believe that people fall victim to these things. I guess I am just a skeptic first.
@karyssamarleriectskin-com I agree, call your bank just in case. These people are getting sneakier every day.
I always look at the name of the email address that sent it. If it's anything like pz4rdf@gmail.com or has an @gmail.com to it, it's typically a scam. If the "To" has my email and other recipients attached to it, then I know it's a scam, too. Scams with technology are pretty big these days.
@melissalandersiectskin-com Opening a link can sometimes cause the most damage to a computer or a bank account!
@karyssamarleriectskin-com Scammers have become very great with big corps - you are so right! I get daily emails from "Amazon".
Phishing and other scams are prominent in the tech world. My husband works in cybersecurity for the Department of Justice and their job is to test the vulnerability of networks and do training on phishing. It can happen to anyone if you aren't trained to spot it. Ashley Madison was a huge data breach that cost a lot of people.
@rebeccamatuskaiectskin-com I always hover over site names to see if it shows a legitimate site.
@karyssamarleriectskin-com I get those too. They are the worst especially since I haven't ordered anything.
@aliciawellonsiectskin-com I got 14 spam texts and 15 calls today. I am not quite sure how to get it to stop. Even unsubscribe doesn't seem to work these days.
I have put two-factor authentication on just about all of my accounts after having one of my social media accounts hacked a few years ago. Although that does not completely prevent hacking, it made me feel better and it hasn't happened since.
@melissalandersiectskin-com Yeah, the spelling is always telling. I barely get spam emails but if I did I think I would be able to tell from those things too.
@karyssamarleriectskin-com I have gotten those so many times before too! The new one I keep getting now is a text saying I have an "outstanding toll" with a link to pay it.