Email Identity Theft

There has been an increase in fake unauthorized emails from criminals posing as corporations claiming to protect theft identity. Often these emails look legitimate as they usually include the company letterhead and a message warning you of impending doom on your identity. The ironic aspect of these emails is that the message, warning you of identity theft, is a blatant attempt at retrieving your personal information.

For experienced users and properly configured email servers, these messages are filtered and immediately deleted. For the inexperienced, however, it can lead to a dangerous situation where your identity and account information is literally handed over to a criminal. How do they accomplish this? It’s simple, they create a form using the specific company letterhead (CitiBank, American Express, Washington Mutual, etc.) asking for your account information. This usually means your name and address and more importantly your username and password, which gives the criminal easy access to your banking or credit account.

As I mentioned, the target is the inexperienced user, who in an attempt to avoid “account termination or suspension” fork over their information thinking they are doing the right thing. Recently, I received an email from a person claiming to be in charge of Identity Theft Solutions from CitiBank.

Here is the email in its full context:

CitiBank fake email example

It was easy to identity the email as fake using the following visual indicators:

The sender email was from CITIBANK [identdep_op7216172929@citibank.com], which apon first glance looks legitimate. However, one must realize that any email address can be easily spoofed using a variety of methods including masking the email address. Generally, spammers spoof email addresses to prevent people from finding out who they really are. This also applies to criminals on the lookout for account information who would rather not be caught by the law.

In this case, if the email were legitimate, CitiBank would not state “Do not reply to this email”. It’s a good habit, if you’re suspicious, to go ahead and reply to the original sender about the legitimacy of the email and be sure to check the message header. In Outlook, Right-click the email and select Options. A “Message Options” window will popup showing you the detailed message header. It’s important to take a look at the Received: information, as shown below (it indicates the original sender location and IP address):

CitiBank fake email header

Another red flag for this email is that the content itself is represented by one graphic; in this case the Citibank logo and message text beneath the logo. There is absolutely no text in the email itself, everything is instead represented by the image. If this was a legitimate email from Citibank, it would include a letterhead and actual text in the message body. Unless it’s a promo from Citibank advertising something like cheap account fees, then discard the message and do not reply under any circumstances.

Johan Svensson says:

September 8th, 2004 at 12:04 pm

I did once get one that, shock and gasp, didn’t contain a single spelling error!

kartooner says:

September 8th, 2004 at 2:38 pm

This email, in particular, seemed to be the most coherent of the bunch. The graphic attachment was a dead giveway.

max says:

September 8th, 2004 at 9:26 pm

I set (Apple) Mail to not display any images on incoming messages, so these are usually pretty easy to spot. I tend to get a good deal of bogus Paypal messages.

September 8th, 2004 at 9:58 pm

Max: I think it’s cheap to use an image for the entire context of the email, regardless if its legitimate or not. Paypal, Constant Contact and Brainbench will periodically send out legitimate emails mostly comprised of images and little to no text.

For people like you (and I) who disable images in emails, their marketing campaigns are certainly not having the effect they would want. Some people even disable HTML emails entirely, so it’s advisable for these companies to send two versions; both a plain-text barebones email and a full on HTML email.

Dad says:

September 8th, 2004 at 11:51 pm

Good job.…nice work

Donnie says:

September 9th, 2004 at 1:00 pm

Why do people do online banking if they barely know how to use a computer?

Jarek Pi�rkowski says:

September 9th, 2004 at 6:36 pm

The dead giveaway is ALWAYS the link which is spoofed only if you’re using an unpatched Internet Explorer.

If you ARE using an unpatched Internet Explorer, be advised that I am bordering on deciding you’re getting what you deserve.

Luc says:

September 12th, 2004 at 6:58 pm

Mmmm, i may be a bit naiveve here but… are there really idiots out there who actually do click on that link????

Never mind, .…. i think i know the answer to that one already

9rules Network: Weblog says:

September 1st, 2005 at 12:20 am

[…] in Featured articles. Erik Sagen, author of Kartooner.com, wrote up a post trying to help all of us protect ourselves from emails which try to rob us of our id […]

Bryan says:

September 1st, 2005 at 10:03 am

Lately, I have been getting email FROM MY OWN EMAIL ADDRESS, being sent back to me. When I open it, it’s always a blank email.

Weird.

beto says:

September 1st, 2005 at 2:04 pm

Great post and timely advice Erik. Sometimes it’s easier to detect a phishing scam if you see giveaways such as poor English spelling, URL link hovering (I have discovered many pseudo-Paypal emails being from Russian origin instead), and checking full header messages as you put above. Other times, however, is not that simple, and even being a web geek won’t save you from being fooled if you don’t take your time to verify the message’s authenticity. You have a pretty nice checklist up there.

Well for me I’d save a few words and leave it at “if you ARE using Internet Explorer” instead, but who’s quibbling. ;)

Dovet says:

September 8th, 2005 at 1:40 am

What is equivalent to attaching a brick to the email and putting it in return mail? Shouldn’t we actually be responding to these with bogus information? Couldn’t the right information actually trap them somehow?

Damari Stratford says:

April 1st, 2006 at 11:04 am

My question is will the teller be fired and if not why not? This teller left out about $10,000.00 in the unlocked front drawer 2 different times with in a two week period and had two shortages in one year, one for $100.00 and the other for $450.00.

Where the cash drawer is concern two employees signed the vault book stating they witness her put the cash away, obviously not true. One of these two employees had the bank pay for her daughters overdrafts and the manage was aware, against company policy. This teller entered false referrals into the systems to make the banks numbers look better and this was done under the supervision and direction of the supervisor, when I brought this up to the manager none of the three tellers which input false referrals were written up, falsifying bank documents and no write up but I get written up for missing a Saturday, why? Unfair and unequal treatment by the manager.

The manager called I returned his call but he was with a client.

I requested to communicate via email and I emailed him, Kathleen and Human Resource, so why was I fired sometime after he received my email and the end of the day if he was just calling to see if I was coming in and if not to contact HR? Unfair and unequal treatment.

March 25, 2006

Dear Ms. Deloney,

I would like to take a moment and thank you for responding to my comments regarding Damari and the manager. I am sure that you are a very busy and important person and I appreciate your time. Damari is truly missed at the bank, since her unfair termination by the manger, the atmosphere at the bank is boring to say the least. Damari added life and laughter and she enjoyed serving the customers. I feel deeply, that the manager made a huge mistake in dismissing her while she was ill. What kind of a manager would dismiss an employee while they are ill?

I feel it would be in the best interest to Citibank to launch a complete investigation on the manager, as you stated would be done and seriously consider removing him from Carmel. In my opinion since he arrived the atmosphere is tense and if I can sense it I am sure that other customers do. This manager has taken all the personal touch and charm out of the bank and I feel the employees fear for their jobs: no one should have to work under those conditions. Keeping this manager at this or any branch is sure to destroy you business. Again, thank you for your letter and taking the time to look into this situation.

Sincerely, Clifford Bagwell

In a letter dated 01÷06÷06, Citibank states, Pursuant to Section 1089 of the Ca. Unemployment insurance Code, regarding notification of changes in employment status, please be advised that your employment was terminated on 12÷13÷5 for failure to follow call in procedures RE Section1089 and other codes which Citibank may have violated
Other codes they may have violated labor code section 208, 226, 226.3,201.25,2441, 2800,2802,2926,2927,6400,3602(6),3852,2922,civil code 47©
I was fired on 12/13/05,it states that each employer shall notify the employee immediately, yet I didn’t find out until 12/15 as I received my notice of termination via UPS on 12/15.

When I was fired I was not supplied with “copies of printed statements or materials relating to claims for benefits by Citibank. Citibank claims that I didn’t follow the call-in procedure yet my doctor called on 12/12 & faxed in a notice which stated that I would be out from the 12^th-16^th. Jeff claims that he called me to see if I was coming in on 12/13 at 10:25am,almost 2hrs after my shift started, he states that if I wasn’t coming in that he wanted me to contact HR to inform them of my extended absence. How does one go from calling to see if I’m coming in & ask me to call HR to Jeff stating & deciding that I should be fired yet in my email to him at 1:45pm on 12/13 it states that the doctor had spoken to Kathleen & faxed in my doctors note which he returns to me w/letter of termination.

How does he justify terminating me? I was out on work related stress and my blood pressure, my doctor called for me to keep my stress & blood pressure down, as far as not calling in I had my doctor call: the call was made for me to protect my health. Why wasn’t it stated in my termination letter that I failed to follow the call in procedure. Why does Citibank state to the DFEH that I called in on 11/15 & said that I would be out the rest of the week yet I worked on the that day & the supervisor approved my timecard on 11/22. What else are they not being honest about?

Why are the employees which falsify bank documents & break policy still have jobs?
Reply to Damari Stratford 1291 Ord Grove Ave, Seaside 93955 831−583−9077

CITIBANK IS NOT BEING HONEST WITH DFEH
THIS IS A LETTER I SENT MY GOVERNOR

Dear Governor, First Lady and staff,

I have been awake since 1:05 a.m. I was having a difficult time sleeping again due to my conversation with Ann Lueckeman from the DFEH. Ann and I spoke on 3÷08÷06, Citibank apparently faxed in their reply on 3÷07÷06. Ann read to me some of the statements that Citibank made on their reply Citibank states: that I called in on 11÷15÷05 and that I stated that I would be out the rest of the week, this is a lie!!! I happen to have my time card for the week ending 11÷19÷05 and it clearly shows that I worked the 15^th, I was off the 16^th and I worked the 17^th and that I was out sick on the 18^th and 19^th and that the manager approved my time. Citibank states that I refused to work on Saturdays but they don’t mention that I, unlike them, was willing to meet them half way. Citibank is not telling the truth. To further support that I was at work on the 15^th and 17^th I have my journal notes with specific times of things that occurred on those two days.

How does an honest and ethical person fight against unethical people who lie? How can I protect myself if I can’t afford an attorney and I can’t find one to work on a contingency basis? The other night, on TV, my husband and I heard that the government spends 4 million to train wasp and I can’t get help from The White House or our Senators or Congress, to defend myself against a corporation which is taking advantage and lying about this situation? The only one that has offered to help is the Governors office and although I appreciate the letter and the call from the Governors office this does not get me an attorney. I have diligently search for assistance to no avail. I am now begging for help, I can’t continue to loose sleep and live on anxiety medication; this situation is wearing on me. Again, please, is there anything more that you or our government can do to help my family and I, for this wrongful termination? Why is Citibank lying? I feel like I am going to have another panic attack and I had to resign to taking medication to calm down. This is totally and completely unfair, unjust, wrong and no one should have to go through what Citibank has put my family and I through. I only wonder how many other wrongful termination’s Citibank has gotten away with because people are afraid to go up against them or just don’t have the money to fight and protect them selves? My husband and daughter are worried about me and so am I.

Sincerely.
Damari Stratford

A BETTER EXPLANATION — Mother fired by Citibank for no good reason.

I am searching for an Employment Attorney willing to work on a contingency basis. I was fired while I was out sick, the managers states in a note added to my personnel file that he had called me to see if I would be coming into work on Dec. 13^th but yet with my letter of termination he returned to me the faxed in doctors note, faxed in at 3:44p.m. on 12÷12÷05 by my doctor, which clearly stated that I would be out from 12÷12−12÷16÷05.

Sincerely, Damari Stratford

Home 831−583−9077 all calls to this number are screen due to telemarketing calls and my current situation so once you hear my voice saying that all calls are screened please leave a message, once I hear who is calling I pick up the phone.

Cell phone 831−236−0112 this is the best number to leave a message.

Again please help us.

Chris says:

April 27th, 2006 at 6:01 pm

Hey I got that e-mail a few days ago!

Fight the good fight but pleeeeease next time summarize!

IT Help Central - The Report On Identity Theft and Attacks On … says:

December 1st, 2006 at 10:22 am

[…] kartooner.com Email Identity Theft This manager has taken all the personal touch and charm out of the bank and I … If you’d like to follow the conversation thread for Email Identity Theft, … […]

Email Identity Theft

15 comments leave your own, follow the feed, or trackback

Leave a reply

Links

Categories

Email Identity Theft

15 comments leave your own, follow the feed, or trackback

Leave a reply

Links

Tweet!

Categories