Forum
New scary email scam goes after your banking info
The scam pretends to be Citibank replete with an authentic-looking website, according to cybersecurity news site BleepingComputer, which credits MalwareHunterTeam as the organization that discovered the scam.
PORN SITE SUFFERS MASSIVE DATA BREACH, INCLUDING CREDIT CARDS, SOCIAL SECURITY NUMBERS
The scam also uses a so-called Transport Layer Security (TLS) certificate and other security measures that “could easily cause people to believe they are submitting their personal information on a legitimate page,” according to BleepingComputer.
Security certificates lend additional credibility to the scam because they imply authenticity.
Here’s how the scam works: after a Citibank customer is fooled into entering their login information, they are shown forms that request personal information. That includes name, date of birth, address, the last four digits of their social security number, their debit card number and other card information that is typically requested like security codes, according to BleepingComputer.
“The tool is very easy to set up for any attack and that’s what makes it quite dangerous,” Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News. Often the bad guys will set up a typosquatted domain, such as www.yahooo.com, with an extra “o.” The customer then gets an email inviting them to the site. If the user falls for the bait, all requests to the phishing site can be sent back to the valid site.
(Editor's note: The above web address is for informational purposes only. Fox News strongly advises users not to click on it.)
RANSOMWARE HITS CRISIS LEVELS AS ANOTHER COMPANY CAVES TO CRIMINALS
“Additionally, all pages shown to the user can originate from the valid site. This tricks the user into entering both their primary and OTP [one-time password] credentials. Once done, the attacker can then hijack the session, getting access to the user’s info,” Savla said, referring to a one-time code sent to a cell phone for verification.
The unfortunate fact is many users are so distracted that it makes scams like this that much easier to pull off.
“Many users access their email and bank accounts on mobile devices, while multi-tasking (unfortunately for example, while driving), and this makes it harder to spot phishing sites,” Colin Bastable, CEO of security awareness & training company Lucy Security, told Fox News.
I have received emails from Citi Bank this week asking me to submit my information to verify an issue with my account. I have logged onto the real Citi Bank to find out there are no issues at all. Beware of any financial institution asking for you to login with user name and password
I haven't gotten any from my bank but I do always get an Apple receipt email saying I've bought something and I haven't. I went to my Apple store to check and there's nothing in there. I still changed my password just in case. But I do see how it could get people.
I've had the same issue as Mikayla. Also apple claiming that my account has been locked so they would like me to use there link to confirm my security information. Amazon is another big one. It is always a good idea to go to the website and login vs using the link sent to your email.
This is like telemarketing but in digital form and the fake amazon scam happened to my mom too.
This is so real, and security that is set in place like extra 2 steps provides consumers with some sense of safety, but it appears that even with those measures it's not stopping hackers. I've personally had issues with security, and now am more aware of ways to keep my accounts safer. I don't have my personal email on my phone, and I don't keep myself logged in on my pc's either. Once, I use my account, I log off. There are a lot of people out there that want and can do harm, and most people aren't even aware of the potential devastation this can cause.
It's scary how scammers can make replica websites that are not real, it's so important for people to become aware of this and check in with others.
@carliecannestroiectskin-com I agree, that it is like advanced telemarketing.
@deborah It's sad to see that scammers are working overtime to get people's hard earned money or access to their personal information. They are getting worse every day not only with emails from banks but also with text messages that look legitimate. I've become so skeptical in the past few years that whenever I see a message from my bank, I just call to confirm it's them.
@sydneyhurdleiectskin-com The telemarketing is intense. I used to receive 10-20 calls a day from telemarketers for a while. It caused me great anxiety because I didn't know which calls were actual important calls and which were just telemarketers, so I just stopped answering and stated clocking numbers.
@carliecannestroiectskin-com Yes, there are all types of scams now and it's only getting worse, especially with AI taking off. Technological scams are advancing more and more. Now they can hack into your phone and even message people you interact with often to ask to "borrow" money. Last year, my brother's What's App and Facebook accounts were hacked. They contacted a lot of family members and unfortunately 2 of them were scammed out of $500 each.
Sometimes I get text messages saying that my tracking info for a package is incorrect and to click the link, and if you click the link they then automatically gain access to all your data you may have stored. Same thing can happen on social media, commonly on Facebook. A hacker will send you a link from the page of somebody you trust and since you trust them you click it and then that hacker has any info you may have stored on the website.
It's smart to just call your bank just in case, many people don't do that and just trust it since it does look so legit. Many senior citizens are specifically targeted unfortunately.
Most people don't question an email when it looks like it has been sent from a big corporation especially. These scams unfortunately effect a great deal of all internet users.