[Dshield] Citibank Followup

Nick Heywood nickh at nicksweb.net
Wed Sep 3 23:04:55 GMT 2003

Does nayone know how to disable the automatic displaying of HTML Email in
outlook 2000?


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Blanchard, Joe
Sent: Thursday, 4 September 2003 1:37 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Citibank Followup

Yep, it was pretty crafty. I contacted Citibank last Sat. when
I received a copy. They seemed to already know about this.
The interesting thing was that the content of the email, ok
html, all pointed to what appeared to be valid CitiBank graphics
using <img src="http://validbankdomain.com/banners>
Just one more reason Not to use html as an email format.


-----Original Message-----
From: John Dalton [mailto:dubuque_1 at msn.com]
Sent: Tuesday, September 02, 2003 7:08 PM
To: General DShield Discussion List
Cc: fraud at citigroup.com; abuse at citigroup.com
Subject: [Dshield] Citibank Followup

I have to say, if you were not a suspicious user, this would fool you pretty
well. Looking at the source of the email I only see one line that redirects
the data, otherwise it gathers all its other parts from Citibank's site

The one line I reference is
<td align="center">
 <form action="" method="get">

Which comes back to:
77-5 choongangdong4ga choongkoo
South Korea

You always wonder how many people actually fall for this, since it is a
official looking site. But it  just comes down to the old warning, never
give your password. Or credit information out unless you initiated the

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
Url: http://www.dshield.org/pipermail/list/attachments/20030904/ee72592a/InterScan_Disclaimer.txt

More information about the list mailing list