A new threat is hiding behind Citibank in order to access consumers’ bank accounts.
An email scam, claiming to be from the American bank, includes a link to what appears to be an authentic-looking website with ‘update-citi .com’ as the domain address.
The fraudulent site tricks victims into entering their online banking credentials and then requests their personal information.
Users are asked to provide their full name, address, date of birth, the last four digits of their Social Security number, their debit card number and other card information that is typically requested, such as security codes, according to BleepingComputer, which first shared the scam.
DailyMail.com has contacted Citibank and is waiting on a response.
The scam uses a TLS certificate for the domain so that a lock appears next to the address, deceiving users into thinking it is a secure website.
‘While this should not make a web site appear more legitimate as it only means submitted data is encrypted, for many users a lock symbol tends to lend authenticity to a page,’ BleepingComputer said in a blog post.
Once consumers hand over their information, each form is sent to the attacker’s server, which then verifies that the information is authentic.
‘It is believed, but not confirmed, that during this period the phishing page will attempt to login to Citibank using the credentials provided by the victim. This is done in the background similar to this Steam phishing scam,’ explained BleepingComputer.
Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News: ‘The tool is very easy to set up for any attack and that’s what makes it quite dangerous.’
‘Often the bad guys will set up a typosquatted domain, such as www.yahooo.com, with an extra ‘o.’
‘The customer then gets an email inviting them to the site.’
‘If the user falls for the bait, all requests to the phishing site can be sent back to the valid site.’
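The two lookalike patterns named in this article, a brand name embedded in an unrelated domain (as in ‘update-citi .com’) and a one-character typosquat (as in www.yahooo.com), can be checked mechanically. The following is an added example, not code from BleepingComputer, Venafi or the banks; the brand allowlist, function names and sample URLs are assumptions constructed for illustration, and the URL scheme is discarded because an HTTPS lock says nothing about who owns the domain.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand token -> the brand's real registrable domain.
BRANDS = {"citi": "citi.com", "yahoo": "yahoo.com", "fedex": "fedex.com"}


def registrable(url):
    """Last two hostname labels (naive; production code should use the Public Suffix List)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'legitimate', 'brand-keyword', 'typosquat' or 'unrelated'."""
    domain = registrable(url)  # scheme is dropped: https does not prove ownership
    if domain in BRANDS.values():
        return "legitimate"
    tokens = domain.rsplit(".", 1)[0].split("-")
    if any(t in BRANDS for t in tokens):
        return "brand-keyword"  # brand name glued into someone else's domain
    if any(edit_distance(t, b) == 1 for t in tokens for b in BRANDS):
        return "typosquat"  # one insertion, deletion or substitution away
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the paths are made up.
    for link in ("https://update-citi.com/verify", "www.yahooo.com",
                 "https://online.citi.com/", "https://example.org/"):
        print(f"{link:35} {classify(link)}")
```

A one-edit threshold also flags ordinary words that sit close to a brand token, so results of this kind are best treated as leads for review rather than verdicts.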
Citibank is the latest major company to be used as a way for hackers to gather people’s information, as just yesterday a text messaging scam was discovered that masqueraded as FedEx.
A fraudulent text message was reported on Wednesday that shows a recipient’s name and includes a tracking code that prompts them to enter their ‘delivery preferences’.
The link is connected to a scammer-operated site that convinces users to provide personal and credit card information in order to receive a package.
FedEx told DailyMail.com that it is aware of the scam and said it ‘does not send unsolicited text messages or emails to customers requesting money or package or personal information’.
‘Millions of fraudulent e-mails and sms messages are deployed daily,’ FedEx shared on its website.
‘They claim to come from a wide variety of sources, and some claim to be from FedEx or representing FedEx.’
‘Fraudulent e-mail and sms messages, often referred to as ‘phishing’ or brand ‘spoofing,’ are becoming increasingly common.
‘These types of messages often use corporate logos, colors and legal disclaimers to make it appear as though they are real.’
FedEx is aware of the scam and said it ‘does not send unsolicited text messages or emails to customers requesting money or package or personal information’, according to ABC News.
‘They are sent in an attempt to trick people into sending money and providing personal information such as usernames, passwords and/or credit card details, and for the purpose of committing theft, identity theft and/or other crimes.’
At first glance the text message may appear to be legitimate, but the delivery company said there are clues that suggest otherwise.
The firm noted it will never unexpectedly request money or personal information in exchange for delivering packages.
It also says to be on the lookout for links to ‘misspelled or slightly altered Web-site addresses’ and messages that require immediate action.
FedEx shared a statement with DailyMail.com in response to the recent fraudulent text message claims: ‘We are committed to protecting the security and integrity of our network. While there is no foolproof method to prevent the FedEx name from being used in a scam, we are constantly monitoring for such activity and work cooperatively with law enforcement.’
The firm also said to report any suspicious messages to abuse@fedex.com.