Posted by Richard Price on 11 February A new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged.
The Citibank scam tricks users into surrendering their online banking username, password, and additional one-time pin OTP verification code. As you can see, the Citibank email scam appears to originate from the American bank, with the scammers successfully forging the email header address to make it appear to originate from Citibank.
The email falsely advises recipients that their account access has been placed on hold until further verification has been provided. The Citibank phishing email includes a PDF attachment, which asks users to click on an enclosed link to sign into their account. However, your internet browser should normally highlight the true website address or domain, in this case tripeprodcoes.
The user is encouraged to enter their username and password to gain access to their internet banking account, before being directed to the below page:. Now this is where the scam gets interesting: OTP is the second stage of a two-part authentication process which Citibank uses to allow customers to perform a range of online transactions securely.
The subsequent pages in this Citibank scam ask the user to enter further OTP authorisation codes, most likely in an attempt to get them to surrender additional verification information used for a range of different transactions. This Citibank scam is another example of a growing number of sophisticated scams where cyber criminals have devised ways of by-passing authentication steps used by banks.
Educating staff and employing cloud-based email and web filtering will help to protect you from scams like this Citibank phishing campaign. By scanning your emails against a range of common tricks used by cyber criminals in phishing scams, or associated malware campaigns, they can effectively block malicious content at the point of detection, so your staff never have the opportunity to open them.
By complimenting this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions, you can mitigate risk further. Spam Phishing Email Security citibank. The headline and subheader tells us what you're offering , and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for. About Us In the News. New fake Citibank phishing scam sees cyber criminals up their game Posted by Richard Price on 11 February The user is encouraged to enter their username and password to gain access to their internet banking account, before being directed to the below page: As a precaution, we urge you not to click links within emails that: Are not addressed to you by name Appear to be from reputable companies and ask you to click on enclosed links within emails — you should always go to their website directly by typing in the URL into your address bar Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Something Powerful Tell The Reader More The headline and subheader tells us what you're offering , and the form header closes the deal. Bullets are great For spelling out benefits and Turning visitors into leads.
Subscribe to Email Updates.More...