There has been an increase in fake unauthorized emails from criminals posing as corporations claiming to protect theft identity. Often these emails look legitimate as they usually include the company letterhead and a message warning you of impending doom on your identity. The ironic aspect of these emails is that the message, warning you of identity theft, is a blatant attempt at retrieving your personal information.
For experienced users and properly configured email servers, these messages are filtered and immediately deleted. For the inexperienced, however, it can lead to a dangerous situation where your identity and account information is literally handed over to a criminal. How do they accomplish this? It’s simple, they create a form using the specific company letterhead (CitiBank, American Express, Washington Mutual, etc.) asking for your account information. This usually means your name and address and more importantly your username and password, which gives the criminal easy access to your banking or credit account.
As I mentioned, the target is the inexperienced user, who in an attempt to avoid “account termination or suspension” fork over their information thinking they are doing the right thing. Recently, I received an email from a person claiming to be in charge of Identity Theft Solutions from CitiBank.
Here is the email in its full context:
It was easy to identity the email as fake using the following visual indicators:
The sender email was from CITIBANK [firstname.lastname@example.org], which apon first glance looks legitimate. However, one must realize that any email address can be easily spoofed using a variety of methods including masking the email address. Generally, spammers spoof email addresses to prevent people from finding out who they really are. This also applies to criminals on the lookout for account information who would rather not be caught by the law.
In this case, if the email were legitimate, CitiBank would not state “Do not reply to this email”. It’s a good habit, if you’re suspicious, to go ahead and reply to the original sender about the legitimacy of the email and be sure to check the message header. In Outlook, Right-click the email and select Options. A “Message Options” window will popup showing you the detailed message header. It’s important to take a look at the Received: information, as shown below (it indicates the original sender location and IP address):
Another red flag for this email is that the content itself is represented by one graphic; in this case the Citibank logo and message text beneath the logo. There is absolutely no text in the email itself, everything is instead represented by the image. If this was a legitimate email from Citibank, it would include a letterhead and actual text in the message body. Unless it’s a promo from Citibank advertising something like cheap account fees, then discard the message and do not reply under any circumstances.