[Dshield] Citibank Followup

Nick Heywood nickh at nicksweb.net
Wed Sep 3 23:04:55 GMT 2003


Does nayone know how to disable the automatic displaying of HTML Email in
outlook 2000?

Regards
Nick

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Blanchard, Joe
Sent: Thursday, 4 September 2003 1:37 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Citibank Followup


Yep, it was pretty crafty. I contacted Citibank last Sat. when
I received a copy. They seemed to already know about this.
The interesting thing was that the content of the email, ok
html, all pointed to what appeared to be valid CitiBank graphics
using <img src="http://validbankdomain.com/banners>
Just one more reason Not to use html as an email format.

Cheers
-Joe


-----Original Message-----
From: John Dalton [mailto:dubuque_1 at msn.com]
Sent: Tuesday, September 02, 2003 7:08 PM
To: General DShield Discussion List
Cc: fraud at citigroup.com; abuse at citigroup.com
Subject: [Dshield] Citibank Followup


I have to say, if you were not a suspicious user, this would fool you pretty
well. Looking at the source of the email I only see one line that redirects
the data, otherwise it gathers all its other parts from Citibank's site
itself.

The one line I reference is
<td align="center">
 <form action="http://211.193.190.42:65085/cgi-bin/c2it.php" method="get">

Which comes back to:
KOREA TELECOM PUSAN NODE
77-5 choongangdong4ga choongkoo
PUSAN
600-014
South Korea

You always wonder how many people actually fall for this, since it is a
official looking site. But it  just comes down to the old warning, never
give your password. Or credit information out unless you initiated the
contact.

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
Url: http://www.dshield.org/pipermail/list/attachments/20030904/ee72592a/InterScan_Disclaimer.txt


More information about the list mailing list