I recently had an experience that I would like to warn people about. Even though I consider myself relatively experienced with internet matters, I was fooled and you can be too.

I bank at Citibank and use their online services. I recently got a email that looked very real and legitimate, telling me that it is important for me to change the PIN (personal identify number) of my account because there have been a recent rash of attempts to break into accounts. I was curious and therefore clicked the link provided (which incidentally looks just like the regular Citbank online site that I use frequently for online banking). There was a pop-up window that indicated 128-bit security, and provided the option of changing my PIN number for my particular Citibank card number and account number which I would have to provide. That of course should have tipped me off but because the main window (not the popup) actually recognized me as a user, I was fooled. Like a fool, I entered my information and changed my pin number. The popup window displayed a thank you message and said that the pin number change will not be apparent for 24 hours. I thought that was strange but was in a hurry, logged off. Twenty-four hours later, I went to my online banking site, logged in under my new pin number and it would not recognize it. So I logged in under my old pin number and it accepted it. I realized then that it is an email scam that is intended to steal your account numbers and pin numbers. Fortunately, there were no withdrawals or charges on my account. I immediately called Citibank and protected my account.

So, please, please, be very careful. Do not respond to any email requests of this nature.

Wise.

Hey Wise,

Sorry this happened to you. If you still have the two emails you recently referenced, would you mind forwarding them to me so I can write an article on how to make sure you're not being fooled?

-Steven
..."mary, mary.." why ya buggin'?

Wise, one of my cousins in Oklahoma had the exact same thing happen. He forwarded an email to me about it, but I didn't think to post a warning for others. Glad you caught it in time.

~ Protons have mass? I didn't even know they were Catholic.~ http://sci.rutgers.edu/forum/images/smilies/tongue.gif

I make it a habit to not use email links. I go directly to the web site and make the changes. I sometimes even change from Mozilla to IE to prevent cookie tracks.

I might even reboot and flush the DSL router in the process. With dial up the IP address would most certainly change in the process. That may be overkill. I wait a day or two if I think its just a maintainace issue.

Happy computing http://sci.rutgers.edu/forum/images/smilies/cool.gif

I can not do it on the picture you posted, but if you were to right click the link they sent you and go to properties I wonder what the web address would be?

For the eBayer's out there watch out, for the emails that you get from eBay. There is someone that sends out an email that is just identical to the eBay site and they ask for all your privet info to update your eBay account. A company such as eBay, banking center, or anyother companies dealing with your monies or privet info would never ask for you to give them that kind of info over the internet. If your not sure don't do it. Give that company a call or go to there website and look up there polices find a link to there rule and safety or something to that nature.

I got the same email a while ago, but in my case it was obvious because it went to bulk mail, and also I don't have an account with citibank. I went to the site out of curiosity and the main page was a copy; some of the links went to the real citibank site. It would be easy to be tricked because the urls were similar, except the domain was something like citi.com.

Quickstudy by Russell Kay January 19, 2004.

DEFINITION: Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.

Computerworld (http://www.computerworld.com/securitytopics/security/story/0,10801,89096,00.html)

PN

They are using Ebay this same way. It said that someone has tried to access my account and they wanted me to click their link and verify that I was me. They stated up front that credit cards would need to be verified. So I checked the ebay web site and their policy is they will never ask for sensitive info thru email. I knew then it was what they are calling phising or something like that. But, it really was convincing to see that false ebay request for information.


David

Originally posted by Wise Young:

I was fooled. Like a fool,

Wise.

http://sci.rutgers.edu/forum/images/smilies/rolleyes.gif http://sci.rutgers.edu/forum/images/smilies/eek.gif http://sci.rutgers.edu/forum/images/smilies/smile.gif http://sci.rutgers.edu/forum/images/smilies/tongue.gif

Seriously-similar things happens periodically with ebay & paypal....

Solution if in doubt forward this email to legitimate organization & better as attachment-so their security can figure out who did it.

Never click links in email ....Better go to legitimate website & there contact customer rep.

In the past these E-mails have been known for their grammar and, sometimes, spelling mistakes. As time goes on, it looks like they are getting better by making fewer mistakes.

For instance: Paragraph 3 "The process is mandatory and if not completed within the nearest time your account may be subject to temporary suspension".

The above makes no sense because what does "completed within the nearest time" mean without out a specific date?

And, notice the salutation. The signature is identified as "unmonitored alias".

Who's that?

Dr. Young: Thanks for alerting this forum.

PN

http://www.citibank.com/domain/spoof/learn.htm

darn - you're on to me http://sci.rutgers.edu/forum/images/smilies/wink.gif

A couple of months ago, I got several emails instructing me to send bank information immediately....because my Paypal account was going to expire in 5 days.

Really strange thing...as I DO NOT HAVE A PAYPAL ACCOUNT!!!!! http://sci.rutgers.edu/forum/images/smilies/eek.gif

So...everybody, please beware of this one too....If I had actually had a Paypal account, I would have been tempted to do just what they said...

If you get an email that is suspicious, my suggestion would be to either call your bank, or print the email and GO to your bank....and above all else...keep your bank info protected, and keep it to yourself...

Teena

I hate being in a wheelchair - short - and using an ATM. People are getting waaay good at stealing money anymore. These are other people's experiences I've ran across at work at the cop shoppe:

There's the 'oh I dropped something' partner scam where you bend over to pick up something that suspect 1 dropped, suspect 2 switches out your card but your banking info is still open - then they head out with your card. (Suspect 1 has already looked over your shoulder for your PIN number while you were entering it).

Then there's the copy the card and get the PIN number by having a pen-sized camera above the keypad and camaflouging it quite well. They have a tiny electronic device inserted where the card would go to make a dummie card.

People at retail stores who take your card - never let it out of your sight - they could swipe it twice underneath the counter and make a copy whilst a camera or another person looks over your shoulder. This happened quite a bit last year and the money was always sent to a foreign country.

Most of the above was aimed at elderly folk.

I'm about ready to hand in my darn ATM card and bank the old fashioned way!

All of my banks ATM's are the drive through type.

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

I love the stores that ask you if it's going to be a debit or credit while you are still holding your wallet closed... I usually ask if they still take cash, otherwise I'd walk out...
Safer that way!
http://sci.rutgers.edu/forum/images/smilies/smile.gif

[QUOTE]Originally posted by jimnms:

All of my banks ATM's are the drive through type.

Those were hit too in this area.

Originally posted by lynnifer:

There's the 'oh I dropped something' partner scam where you bend over to pick up something that suspect 1 dropped, suspect 2 switches out your card but your banking info is still open - then they head out with your card. (Suspect 1 has already looked over your shoulder for your PIN number while you were entering it).

First of all, why are two people standing so close to you at the ATM? Second, why bend over to pick up something someone else dropped? Third, how do they take your card? Every ATM I've been too sucks your card in and doesn't spit it out until your done, or it's the swipe kind where the card never leaves your hand. And finally, how are they going to pull this off at a drive through ATM?

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

Another e-mail scam.

"From: Jeffrey.Tam
Email:jeffrey_

Dear Friend,

With due respect and honour,please permit me to inform you of my desire of going into business relationship with you.

I am Jeffrey.Tambo the only son of late Alhaji Fofana Tambo. My father was a very wealthy cocoa merchant in Abidjan , the economic capital of Ivory coast, my father was poisoned to death by his business associates on one of their outings on a business trip .
My mother died when I was a baby and since then my father took me so special.

Before the death of my father on March 2002 in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of twenty seven million,United State Dollars. USD($27.000,000) left in fixed / suspense account in one of the prime bank here in Abidjan ,that he used my name as his only son for the next of Kin in depositing of the fund.

He also explained to me that it was because of this wealth that he was poisoned by his business associates.

That I should seek for a foreign partner in a country of my choice where i will transfer this money and use it for investment purpose such as real estate management or hotel management or any other invesment wich you know that may give us a good
proffit in your country.

Sir, I am honourably seeking your assistance in the following ways:

(1) To provide a bank account into which this money would be transferred to .
(2) To serve as a guardian of this fund since I am only 23years.
(3) To make arrangement for me to come over to your country to further my education and to secure a resident permit in your country.

Moreover, sir i am willing to offer you 15% of the total sum as compensation for your effort/ input after the successful transfer of this fund into your nominated account overseas.

Furthermore, you indicate your option towards assisting me as I believe that this transaction would be concluded withing fourteen(14) days you signify interest to assist me

Anticipating to hear from you soon.

Thanks and God bless.

Best regards,

Jeffrey.Tam"

PN

I've been getting several versions of that scam in my Yahoo bulk folder.

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

We had an AOL scam this week asking us to change our password we reported ot to AOL they confirmed it was a scam.
Matt

Your bank or other similar organisation would NEVER e-mail or request PIN and password info or revisions by e-mail or phone.

- Good rule of thumb -

Never provide ANY personal information online unless you initiated the encounter.

It's called phishing. I collect them. View the HTML and see where it goes. The better ones use 2 server hops and then to one of the web based e-mail providers (Hotmail, Yahoo, etc.).

So far, I've got:

Ebay, Citi, Sun Trust, US Bank and PayPal.