There has been an increase in fake emails from criminals posing as corporations and claiming to protect you against identity theft. Often these emails look legitimate, as they usually include the company letterhead and a message warning you of impending doom for your identity. The ironic aspect of these emails is that the message, warning you of identity theft, is a blatant attempt at retrieving your personal information.
For experienced users and properly configured email servers, these messages are filtered and immediately deleted. For the inexperienced, however, they can lead to a dangerous situation where identity and account information is literally handed over to a criminal. How do they accomplish this? It’s simple: they create a form using the specific company letterhead (CitiBank, American Express, Washington Mutual, etc.) asking for your account information. This usually means your name and address and, more importantly, your username and password, which gives the criminal easy access to your banking or credit account.
As I mentioned, the target is the inexperienced user who, in an attempt to avoid “account termination or suspension”, forks over their information thinking they are doing the right thing. Recently, I received an email from a person claiming to be in charge of Identity Theft Solutions at CitiBank.
Here is the email in its full context:

It was easy to identify the email as fake using the following visual indicators:
The sender email was from CITIBANK [identdep_op7216172929@citibank.com], which upon first glance looks legitimate. However, one must realize that any email address can be easily spoofed using a variety of methods, including masking the email address. Generally, spammers spoof email addresses to prevent people from finding out who they really are. This also applies to criminals on the lookout for account information who would rather not be caught by the law.
In this case, if the email were legitimate, CitiBank would not state “Do not reply to this email”. If you’re suspicious, it’s a good habit to reply to the original sender about the legitimacy of the email and to check the message header. In Outlook, right-click the email and select Options. A “Message Options” window will pop up showing you the detailed message header. It’s important to take a look at the Received: information, as shown below (it indicates the original sender location and IP address):

Another red flag for this email is that the content itself is a single graphic: in this case, the Citibank logo with the message text beneath it. There is absolutely no text in the email itself; everything is represented by the image. If this were a legitimate email from Citibank, it would include a letterhead and actual text in the message body. Unless it’s a promo from Citibank advertising something like cheap account fees, discard the message and do not reply under any circumstances.
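The two checks described above (the origin shown in the Received: lines, and a body that is nothing but an image) can be run against a saved raw message. This is an added Python example, not part of the original post; the sample message, its host names and its IP addresses are constructed, and `origin_hop`, `visible_text` and `red_flags` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the post's email): placeholder hosts, documentation IPs.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mail.recipient.example with ESMTP; Mon, 5 Dec 2005 10:02:11 -0500
Received: from unknown-host.example (unknown-host.example [203.0.113.45])
\tby mx.recipient.example with SMTP; Mon, 5 Dec 2005 10:02:09 -0500
From: CITIBANK <identdep_op7216172929@citibank.com>
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><img src="cid:msg"></body></html>
--b1
Content-Type: image/gif
Content-ID: <msg>

--b1--
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)")

def origin_hop(msg):
    """(host, ip) from the oldest Received header, which is listed last."""
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP.search(hdr)
        if m:
            return m.group(1).lower(), m.group(2)
    return None

def visible_text(msg):
    """Readable words in the text parts, with HTML tags stripped."""
    chunks = [p.get_payload(decode=True).decode("utf-8", "replace")
              for p in msg.walk() if p.get_content_maintype() == "text"]
    return " ".join(re.sub(r"<[^>]+>", " ", " ".join(chunks)).split())

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = origin_hop(msg)
    if hop and hop[0] != domain and not hop[0].endswith("." + domain):
        flags.append(f"origin {hop[0]} [{hop[1]}] is outside {domain}")
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    if has_image and not visible_text(msg):
        flags.append("body is an image with no readable text")
    return flags
```

Received: lines below the one written by your own mail server are supplied by the sender and can be forged, and legitimate senders often relay through third-party mailers, so treat a mismatch as a reason to look closer rather than as proof.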
I get tons of those to my old Yahoo mail account (since abandoned in favor of Gmail, though I never really use webmail at all). All of them had the usual obfuscated titles like “Cïïïtib4nk” to try to get past spam filters.
I did once get one that, shock and gasp, didn’t contain a single spelling error!
This email, in particular, seemed to be the most coherent of the bunch. The graphic attachment was a dead giveaway.
I set (Apple) Mail to not display any images on incoming messages, so these are usually pretty easy to spot. I tend to get a good deal of bogus Paypal messages.
Max: I think it’s cheap to use an image for the entire context of the email, regardless of whether it’s legitimate or not. Paypal, Constant Contact and Brainbench will periodically send out legitimate emails mostly comprised of images and little to no text.
For people like you (and me) who disable images in emails, their marketing campaigns are certainly not having the effect they would want. Some people even disable HTML emails entirely, so it’s advisable for these companies to send two versions: both a plain-text barebones email and a full-on HTML email.
Good job….nice work
Why do people do online banking if they barely know how to use a computer?
The dead giveaway is ALWAYS the link which is spoofed only if you’re using an unpatched Internet Explorer.
If you ARE using an unpatched Internet Explorer, be advised that I am bordering on deciding you’re getting what you deserve.
Mmmm, I may be a bit naive here but… are there really idiots out there who actually do click on that link????
Never mind, ….. I think I know the answer to that one already
Lately, I have been getting email FROM MY OWN EMAIL ADDRESS, being sent back to me. When I open it, it’s always a blank email.
Weird.
Great post and timely advice Erik. Sometimes it’s easier to detect a phishing scam if you see giveaways such as poor English spelling, URL link hovering (I have discovered many pseudo-Paypal emails being from Russian origin instead), and checking full header messages as you put above. Other times, however, it is not that simple, and even being a web geek won’t save you from being fooled if you don’t take your time to verify the message’s authenticity. You have a pretty nice checklist up there.
If you ARE using an unpatched Internet Explorer, be advised that I am bordering on deciding you’re getting what you deserve.
Well for me I’d save a few words and leave it at “if you ARE using Internet Explorer” instead, but who’s quibbling. ;)
What is equivalent to attaching a brick to the email and putting it in return mail? Shouldn’t we actually be responding to these with bogus information? Couldn’t the right information actually trap them somehow?
The letter I’ve included with this email is from a concerned client of Citibank.
My question is will the teller be fired and if not why not? This teller left out about $10,000.00 in the unlocked front drawer 2 different times within a two week period and had two shortages in one year, one for $100.00 and the other for $450.00.
Where the cash drawer is concerned two employees signed the vault book stating they witnessed her put the cash away, obviously not true. One of these two employees had the bank pay for her daughter’s overdrafts and the manager was aware, against company policy. This teller entered false referrals into the systems to make the bank’s numbers look better and this was done under the supervision and direction of the supervisor, when I brought this up to the manager none of the three tellers which input false referrals were written up, falsifying bank documents and no write up but I get written up for missing a Saturday, why? Unfair and unequal treatment by the manager.
Where are the ethics? As I’ve stated, the unethical employees still have jobs and I get fired after the manager receives my email on 12/13/05 at about 1:45 p.m., and he acknowledges receiving it, it clearly answers his question/comment that he was calling to see if I was coming. The email states that my doctor had called in and spoke to Kathleen: as well as faxing in my doctor’s note which the manager returned to me with my termination letter received two days after I had been fired with no check, with no break down explanation, no vacation pay, misleading information and so on, note clearly stating my disability time off. Did he read the doctor’s note? Did he let upper management know that my doctor had called and faxed information?
The manager called I returned his call but he was with a client.
I requested to communicate via email and I emailed him, Kathleen and Human Resource, so why was I fired sometime after he received my email and the end of the day if he was just calling to see if I was coming in and if not to contact HR? Unfair and unequal treatment.
It makes no sense. Why weren’t the labor codes followed? Did he get HR permission to fire me? Why then wasn’t my check included with my letter of termination? Aren’t I to be fired at the location which I work? Were my rights violated when he had Kevin send me my termination letter, did he know I was getting fired prior to me receiving my letter?
Hey I got that e-mail a few days ago!
Fight the good fight but pleeeeease next time summarize!