It seems phishers are on the prowl again.
An email was circulated yesterday claiming to be from CitiBank, and saying that the user's CitiBank Internet Banking account "has been accessed by an unauthorized third party".
It then goes on to say that the account has now been locked due to security concerns and to restore access, an update of the account must be done.
A link is provided to an uncannily authentic-looking page that seems, on first impression, like any other online form.
For added effect, the email even has a "privacy and security" clause, listing the Citigroup's privacy policies and guarantee.
This smacks of fraud because it is highly unlikely that a bank would use such methods to alert a customer on a compromised account. One of those who received the email does not even have a CitiBank account and she immediately suspects that the phishers have struck again.
Also, if you are using Internet Explorer 8, the built-in phishing detector tool on your browser will indicate that the page the email link leads to is a phishing site.
When contacted, a CitiBank customer officer said: "We can confirm that it's not sent by us".
"As a rule of thumb, the bank will never request for personal information like this through email," she continues.
CitiBank also says that "there has been a few versions" of such phishing attempts going around, and are reviewing the email referred to. They will be sending out an official notice to alert their customers of such cases.
Phishing is a common cyber-crime, involving an elaborate construction of a website that looks amazingly like the original. Unsuspecting users are then asked to fill up an online form to verify their particulars, supplying sensitive information like account numbers and passwords.
Once phishers get hold of enough data or their site's cover has been blown, it is quickly taken down, its traces and stash of valuable stolen information, disappearing like thin air into the vastness of cyberspace.
The cyber criminals then use the personal data gathered to hack into the accounts.
All in all, a rather nifty trick.
Any user who has received the email is also strongly encouraged to call up the bank to check before supplying any information to the site given.
