BBC News
watch One-Minute World News
Last Updated: Tuesday, 19 August 2003, 13:53 GMT 14:53 UK
E-mail fraudsters attack Citibank
US banking giant Citibank has warned that e-mail fraudsters are preying on its current account customers.

The bank confirmed that "numerous" people had received an e-mail, claiming to be from the bank, asking users for their social security numbers.

The e-mail says that the term and conditions of the bank account are changing and demands consent and verification.

The e-mail also links to a website that looks like the real Citibank website.

"Although the e-mail appears to come from Citibank, it does not, and Citibank is in no way involved in the distribution of this e-mail," a spokesman said.

However, as many BBC News Online readers confirm, the fraudulent e-mail appears to have been sent to internet users at random, in the hope of catching out those that have a Citibank account.

Chinese origins?

Dear Citibank customer,
We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it. Please, carefully read all the parts of our new Terms & Conditions and post your consent. Otherwise, we will have to suspend your Citibank checking account. This measure is to prevent misunderstanding between us and our valued customers. We are sorry for any inconvinience it may cause. Click here to access our Terms & Conditions page and not allow your Citibank checking account suspension. 2003 Citibank. Citibank (West), FSB. Member FDIC. Citibank with Arc Design is a registered service mark of Citicorp.

Citibank is the second largest retail bank in the New York area and part of Citigroup, the world's largest bank.

The bank is urging its customers to delete the e-mail and call customer services.

The scam is an example of "phishing" - where e-mails direct customers to fake websites in order to extract information.

According to The Inquirer, the webpage is hosted by Nanhua Futures Trading Co in China.

It is not yet clear how many customers have been tricked by the scam.

Have you received the false e-mail? Did you respond?

I received the email and was shocked to discover how authentic it appeared. My wife was ready to sign our lives away before I realised that the type of account mentioned was not ours and the email had not arrived from a recognisable Citibank source.
Barrilton Farnsworth, UK

I received the e-mail and I do have a Citibank Account. I was about to send the information that the e-mail requested - but then I thought - how did they get my e-mail address? So I deleted the e-mail immediately thinking that it was a potential virus and/or a hoax.
Hoover, Canada

I received an email in a similar vein. I purported to be from SwiftPay, advised me someone wanted to pay me money and I had to register. Started to enter details, got to the bit where it wanted my ATM number then backed out. Emailed SwiftPay who said it was a scam.
Debbi Sandford, UK

We received the email a few days ago, just a week after receiving a Citibank loan! Since we had no email contact with Citibank, and never give out the email address it was sent to, I was immediately tipped off that something wasn't right. After checking the sender information on the email, it was apparent it was a fraud. I deleted it without opening attachments. When I heard about how widespread the email was, I was shocked! It truly is scary that something of this magnitude can happen, and put so many people at risk.
Dana Detrick-Clark, USA

I have a Citibank account and got the email. It came from a web-based email account so I knew it was bogus. I copied the URL and pasted into a text editor. The fraudsters do it by sending you to a URL that is much too long to be displayed in your browser bar, then including the '@' symbol followed by the actual address you are going to. Web browsers ignore everything before the '@' so it looks like you are going to the correct address. I think it's harsh to blame Citibank, it could be done using any company.
Andrew Buonocore, UK

I did not respond as I had never heard of Citibank before.
Mikhail, Russia

I have an account in Japan and also have received this e-mail. It really looks like a real Citibank webpage.
Leonard, Japan

I received the email informing me that as a client of Citibank some things were changing. As I am not a Citibank client, i deleted the email
Ross Smith, Canada

I did receive this scam e-mail, and submitted some personal details before realizing that the e-mail was fake. However, I only submitted my full name and the first four digits of my (UK) Citicard number, and subsequently reported the incident to Citibank UK.
Tony Gill, USA

got it. almost clicked on the link, even after looking at the source-code. however there were a number of graphic errors that caused enough doubt- so in the trash it went.
ej, usa

Did not respond; message detected as spam. In any event do not have a citibank account!!
Murray R. Drake, Samoa

I went to the site and put my login and password in, and now i am out $350 dollars. thanks a heap, Citibank
Willy Hay, Australia

Yep. We received it. We don't have a Citibank account, though. I recognized it as a spoof that I had read about on, though. :-) Thanks.
Travis, San Diego, CA, USA

Received the email about a (non-existent) citibank checking account. When link clicked, took me to a page asking for name and SSAN. Unusual cgi. noted in link, not correct for citibank address. Closed link and deleted email.
Nina Hansberry, USA

Received the email -- but I do not have the debit account they were attempting to "verify." Thus I did not respond, yet did not suspect a scam since the page really did appear to come from CitiBank.
George M. Walker, USA

I have received this e-mail and attempted to forward it to CitiBank but they, unbelievably, don't have this facility available.
Neil MacDonald, United States

I received two copies of this e-mail, through separate accounts. This is probably what made me aware that it was a scam. I could easily have been taken in, as I hold a Citibank credit card. There was a similar scam a few weeks ago which targeted people with Paypal accounts. It requested credit card details and the PIN number of the card, which the e-mail purported was for "verification" purposes. Since PIN numbers are supposed to be confidential, I should imagine that the vast majority of people would have seen through this one. It just serves to remind how wary one has to be of what can turn up in one's Inbox, though.
Graham Tully, UK

I received the mail, and was suspicious, as I don't actually have a checking account with Citibank. I must say the page looked pretty plausible. I thought it was vaguely possible that the bank had somehow got my details from my using an ATM machine, but I eventually decided it was safer to just cut and run. I deleted the mail and ignored it.
Michael Guy, United Arab Emirates

I received this email yesterday morning. The email sender didn't even register as from a Citibank mail server but from a account, so it went straight in the bin. I've had similar emails claiming to be from Ebay which do pretty much try to do the same as this one - direct you to a fake site and ask for personal details. Besides, I don't even have a Citibank account!
Wayne Knowles, Hong Kong

I do bank with Citibank, and I did receive the e-mail. I tried to alert them through the net, but their website seems specifically designed so you cannot send them e-mails.
Jordi, Vietnam

I now have two of these messages, one a couple of months ago. Although I am a Citibank customer, the fraud was noticeable in that there was threat to close down my checking account, and I don't have one of those.
Norman Allin, Thailand

Was sent the e mail, thought it was from my bank. Then when i read it an they were asking for details such as social security number and last numbers of cards, I did not respond. Now glad i didn't!
Shirlieann Chalmers, USA

When I received the email, I suspected that this must be a fraud because I am not a Citibank account holder. I went on to Citibank's website to report the fraud, but boy, could you find an email address to forward the suspicious email to? I hunt around the website for a few minutes, and then gave up.
Tau Lim, UK

Yes - I received the false e-mail but did not respond, but only because I have a credit card and not a current account with Citibank.
C Gourlay, Hong Kong

I received a similar fraud email disguised as a customer service update from a major Australian bank asking me to update my customer number and PIN with a link to a phoney site which would then collect customer's personal data. I was immediately suspicious as the phrasing of sentences used in the email was not that of official correspondence from the bank and on closer inspection I noticed that the English used in the email was not that of a native speaker. There were grammatical errors throughout (you'd think they would have checked having gone to all that trouble!). If you receive such an email, just check it out carefully - if it looks suspicious delete it. If there are any hyperlinks in the email check that you are actually taken to the bank's website.
Sharyn, Australia

Yes, I use the site to manage my credit card account. The message said that I would no longer be able to access the site unless I opened the attachment and gave my consent to the new terms and conditions. I was immediately suspicious and placed the email in a keep folder without opening - I reckoned that if I lost access to the service then I may dig out the email to see what I had to do - I am glad I didn't. It was very very authentic and quite scary really.
Paul Howard, USA

US banks fined over Enron
29 Jul 03 |  Business
Citigroup boss steps down
16 Jul 03 |  Business
Consumer business boosts Citigroup
14 Apr 03 |  Business

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific