[Dshield] Heads up, Another Phishing scheme

Doug White doug at clickdoug.com
Fri Feb 27 19:40:14 GMT 2004


 trace back on that appears to have been sent via an open relay in Korea, served
by Bora.net, and the link is in a Japanese net block.  The link once you enter
your information sends you someplace else, that I was not able to determine via
a safe browser.

I hope you sent a copy of all that to the fraud department at CitiCorp.



======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
If you woke up breathing, congratulations! You have another chance!



----- Original Message ----- 
From: "Deb Hale" <haled at pionet.net>
To: <list at dshield.org>
Sent: Friday, February 27, 2004 8:31 AM
Subject: [Dshield] Heads up, Another Phishing scheme


:
: FYI, I just received this email today.
:
: _________________________________________________________________________
: Date: Fri, 27 Feb 2004 11:45:01 +0400
: From: "support at citibank.com" <support at citibank.com>
: To: gwmmm at pionet.net
:
:
:
:
:
:
:
:
: Subject: Citibank E-mail verification
:
:
:
: Dear Citibank Member,
:
:
: This email was sent by the Citibank server to verify your E-mail
: address. You must complete this process by clicking on the link
: below and entering in the small window your Citibank ATM/Debit
: Card number and PIN that you use on ATM.
:
:
: This is done for your protection - because some of our members
: no longer have access to their email addresses and we must
: verify it.
:
:
: To verify your E-mail address and access your bank account,
: click on the link below:
:
: https://web.da-us.citibank.com/signin/citifi/scripts/email_verifyjsp
:
:
: ---------------------------------------
:
: Thank you for using Citibank
:
: ---------------------------------------
: ____________________________________________________________________________
: ____________
: When I click on the link it takes me to what appears to be:
: https://web.da-us.citibank.com/signin/citifi/scripts/email_verifyjsp
:
: Which appears to actually resolve to:
:
: http://210.169.91.178/scripts/index.htm
:
: ____________________________________________________________________________
: ______________
: This is the header record for the email.
: Received: from source ([210.207.62.249]) by exprod5mx76.postini.com
: ([12.158.34.245]) with SMTP;
: Thu, 26 Feb 2004 23:45:58 PST
: Received: from 100.208.67.201 by 210.207.62.249; Fri, 27 Feb 2004 13:38:01
: +0600
: Message-ID: <XXACJPFWCFHSKXYNMQDEY at hotmail.com>
: From: "support at citibank.com" <support at citibank.com>
: Reply-To: "support at citibank.com" <support at citibank.com>
: To: gwmmm at pionet.net
: Cc: haled at pionet.net, phillips at pionet.net, tia at pionet.net,
: scooter at pionet.net, khinman at pionet.net, hammfrms at pionet.net,
: slam at pionet.net, slarson at pionet.net
: Subject: Citibank E-mail verification
: Date: Fri, 27 Feb 2004 11:45:01 +0400
: MIME-Version: 1.0
: Content-Type: multipart/alternative;
: boundary="--398202192899105"
: X-Webmail-Time: Fri, 27 Feb 2004 04:40:01 -0300
: X-pstn-levels:     (S: 0.51626/96.19186 R:95.9108 P:95.9108 M:94.3536
: C:90.6865 )
: boundary="
:
:
:
: Deb
:
:
: _______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:




More information about the list mailing list