Claim: Citibank is sending out checking account suspension notices and asking customers to verify their acceptance of new terms and conditions.
Your Checking Account at Citibank
We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it.
Please, carefully read all the parts of our new Terms & Conditions and post your consent. Otherwise, we will have to suspend your Citibank checking account.
This measure is to prevent misunderstanding between us and our valued customers.
We are sorry for any inconvinience it may cause.
Click here to access our Terms & Conditions page and not allow your Citibank checking account suspension.
Origins: Yet
again a redirection scam has hit the Internet in the guise of messages appearing to come from a well-known financial entity; in this case the wolf is disguised in the clothing of Citibank.
Just like scams perpetrated earlier this year using PayPal and various Internet service providers as camouflage, this one involves messages which appear to be coming from Citibank itself. In this case the fraudulent message falsely announces that Citibank has changed the Terms & Conditions of its checking accounts and informs the recipient that he must follow a hyperlink to indicate his acceptance of these new conditions or his account will be suspended. In a classic case of redirection scamming, however, the page the user is taken to after clicking the link does not reside on the real Citibank site; it's a phony page camouflaged to look like a real Citibank page and hosted on the web site of Nanhua Futures Trading Co. of Zhejiang, China. (Since the redirection URL is an IP address rather than a domain name, the ruse isn't obvious.) The faux Citibank page records the visitor's e-mail address and asks him to enter the first four digits of his Citibank® Banking Card number and his full name, then hides the ruse by bouncing him back to the real Citibank's terms and conditions page.
According to the warning Citibank has posted on their web site:
Citibank is working with law enforcement to aggressively investigate a fraudulent email that has recently been sent as spam to numerous email addresses. Although the email appears to come from Citibank regarding "Your Checking Account at Citibank," it does not, and Citibank is in no way involved in the distribution of this email. The email tells recipients that their Citibank Checking Account will be suspended unless they accept new Terms and Conditions and directs them to a site that appears to be Citibank's. The fradulent site requests the customers' name and the first 4 digits of their ATM card number.
Citibank urges recipients of this email to delete it immediately. Citibank does not ask customers to provide sensitive information in this way. Customers who receive suspicious email purporting to be from Citibank are encouraged to report it to customer service at the number listed on their ATM card. Citibank's systems have not been compromised in any way.
Scams that trick the gullible into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service through its web site and ask them about the e-mail.
The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.
Status: False.
Considering the scale of the scam aimed at CitiBank, the scammers might have done some research on it before executing it.
Despite some assurances from the relevant authorities, this kinda fraud/scam still exists... which is not doing any gd to build the confidence of the consumers/users of e-transaction online. If the users are well aware of such scams, online transaction is really that convenient and safe.