US banking giant Citibank has warned that e-mail fraudsters are preying on its current account customers.
The bank confirmed that "numerous" people had received an e-mail, claiming to be from the bank, asking users for their social security numbers.
The e-mail says that the term and conditions of the bank account are changing and demands consent and verification.
The e-mail also links to a website that looks like the real Citibank website.
"Although the e-mail appears to come from Citibank, it does not, and Citibank is in no way involved in the distribution of this e-mail," a spokesman said.
However, as many BBC News Online readers confirm, the fraudulent e-mail appears to have been sent to internet users at random, in the hope of catching out those that have a Citibank account.
Citibank is the second largest retail bank in the New York area and part of Citigroup, the world's largest bank.
The bank is urging its customers to delete the e-mail and call customer services.
The scam is an example of "phishing" - where e-mails direct customers to fake websites in order to extract information.
According to The Inquirer, the webpage is hosted by Nanhua Futures Trading Co in China.
It is not yet clear how many customers have been tricked by the scam.
Have you received the false e-mail? Did you respond?
I received the email and was shocked to discover how authentic it appeared. My wife was ready to sign our lives away before I realised that the type of account mentioned was not ours and the email had not arrived from a recognisable Citibank source.
I received the e-mail and I do have a Citibank Account. I was about to send the information that the e-mail requested - but then I thought - how did they get my e-mail address? So I deleted the e-mail immediately thinking that it was a potential virus and/or a hoax.
I received an email in a similar vein. I purported to be from SwiftPay, advised me someone wanted to pay me money and I had to register. Started to enter details, got to the bit where it wanted my ATM number then backed out. Emailed SwiftPay who said it was a scam.
We received the email a few days ago, just a week after receiving a Citibank loan! Since we had no email contact with Citibank, and never give out the email address it was sent to, I was immediately tipped off that something wasn't right. After checking the sender information on the email, it was apparent it was a fraud. I deleted it without opening attachments. When I heard about how widespread the email was, I was shocked! It truly is scary that something of this magnitude can happen, and put so many people at risk.
I have a Citibank account and got the email. It came from a web-based email account so I knew it was bogus. I copied the URL and pasted into a text editor. The fraudsters do it by sending you to a URL that is much too long to be displayed in your browser bar, then including the '@' symbol followed by the actual address you are going to. Web browsers ignore everything before the '@' so it looks like you are going to the correct address. I think it's harsh to blame Citibank, it could be done using any company.
I did not respond as I had never heard of Citibank before.
I have an account in Japan and also have received this e-mail. It really looks like a real Citibank webpage.
I received the email informing me that as a client of Citibank some things were changing. As I am not a Citibank client, i deleted the email
I did receive this scam e-mail, and submitted some personal details before realizing that the e-mail was fake. However, I only submitted my full name and the first four digits of my (UK) Citicard number, and subsequently reported the incident to Citibank UK.
got it. almost clicked on the link, even after looking at the source-code. however there were a number of graphic errors that caused enough doubt- so in the trash it went.
Did not respond; message detected as spam.
In any event do not have a citibank account!!
Murray R. Drake,
I went to the site and put my login and password in, and now i am out $350 dollars. thanks a heap, Citibank
Yep. We received it. We don't have a Citibank account, though. I recognized it as a spoof that I had read about on new.bbc.co.uk, though. :-)
San Diego, CA, USA
Received the email about a (non-existent) citibank checking account. When link clicked, took me to a page asking for name and SSAN. Unusual cgi. noted in link, not correct for citibank address. Closed link and deleted email.
Received the email -- but I do not have the debit account they were attempting to "verify." Thus I did not respond, yet did not suspect a scam since the page really did appear to come from CitiBank.
George M. Walker,
I have received this e-mail and attempted to forward it to CitiBank but they, unbelievably, don't have this facility available.
I received two copies of this e-mail, through separate accounts. This is probably what made me aware that it was a scam. I could easily have been taken in, as I hold a Citibank credit card.
There was a similar scam a few weeks ago which targeted people with Paypal accounts. It requested credit card details and the PIN number of the card, which the e-mail purported was for "verification" purposes. Since PIN numbers are supposed to be confidential, I should imagine that the vast majority of people would have seen through this one.
It just serves to remind how wary one has to be of what can turn up in one's Inbox, though.
I received the mail, and was suspicious, as I don't actually have a checking account with Citibank.
I must say the page looked pretty plausible.
I thought it was vaguely possible that the bank had somehow got my details from my using an ATM machine, but I eventually decided it was safer to just cut and run. I deleted the mail and ignored it.
United Arab Emirates
I received this email yesterday morning. The email sender didn't even register as from a Citibank mail server but from a USA.net account, so it went straight in the bin. I've had similar emails claiming to be from Ebay which do pretty much try to do the same as this one - direct you to a fake site and ask for personal details. Besides, I don't even have a Citibank account!
I do bank with Citibank, and I did receive the e-mail. I tried to alert them through the net, but their website seems specifically designed so you cannot send them e-mails.
I now have two of these messages, one a couple of months ago. Although I am a Citibank customer, the fraud was noticeable in that there was threat to close down my checking account, and I don't have one of those.
Was sent the e mail, thought it was from my bank. Then when i read it an they were asking for details such as social security number and last numbers of cards, I did not respond. Now glad i didn't!
When I received the email, I suspected that this must be a fraud because I am not a Citibank account holder.
I went on to Citibank's website to report the fraud, but boy, could you find an email address to forward the suspicious email to?
I hunt around the website for a few minutes, and then gave up.
Yes - I received the false e-mail but did not respond, but only because I have a credit card and not a current account with Citibank.
I received a similar fraud email disguised as a customer service update from a major Australian bank asking me to update my customer number and PIN with a link to a phoney site which would then collect customer's personal data. I was immediately suspicious as the phrasing of sentences used in the email was not that of official correspondence from the bank and on closer inspection I noticed that the English used in the email was not that of a native speaker. There were grammatical errors throughout (you'd think they would have checked having gone to all that trouble!). If you receive such an email, just check it out carefully - if it looks suspicious delete it. If there are any hyperlinks in the email check that you are actually taken to the bank's website.
Yes, I use the site to manage my credit card account. The message said that I would no longer be able to access the site unless I opened the attachment and gave my consent to the new terms and conditions. I was immediately suspicious and placed the email in a keep folder without opening - I reckoned that if I lost access to the service then I may dig out the email to see what I had to do - I am glad I didn't. It was very very authentic and quite scary really.