'Phishers' Use Citigroup Logo
To Try To Steal Personal Info
By TARA SIEGEL BERNARD
DOW JONES NEWSWIRES
NEW YORK -- Citigroup Inc.'s corporate logo is the latest one to be lifted by Internet scammers as a way to steal information from unwitting
consumers.
The scam, known as "phishing," happens when thieves send consumers e-mails that appear to come from major corporations and direct them to
bogus Web sites that look just like the company's real sites. The fake sites typically ask individuals to verify or update certain account information with
personal data -- in this case, Social Security numbers -- which they then can use to obtain phony credit cards and other items.
Citigroup said it is working with law-enforcement officials to investigate the fraudulent e-mails, adding that it doesn't ask customers to provide
sensitive information in this way.
Though the e-mail's salutation reads, "Dear Citibank customer," several noncustomers received the e-mail -- the first clue that it is fake. Still, at first
glance, the e-mail looks authentic: It uses Citigroup's red and blue corporate logo and has a link to the official Web site. A closer look, however,
shows that the sender isn't from Citigroup but from Juno.com and Yahoo.com addresses.
"We are seeing a lot of this, and it's been my contention that this is one of the biggest threats to brands and consumer confidence that we've seen over
the Internet," said Stephen Cobb, senior vice president of research and education at ePrivacy Group, an anti-spam technology company in Philadelphia.
"It's very distressing, and it can't help but have an impact on your assessment, not necessarily of the bank, but of online banking with the bank."
Mr. Cobb said his firm, along with several others, make technologies that work to sort legitimate e-mails from fakes.
The fake Citigroup e-mail asks its so-called customers to "become acquainted" and "agree" to its new terms and conditions. If not, the unsigned e-mail
says, it "will have to suspend [their] Citibank checking account." It then asks customers to click on a link to post their consent.
Federal officials, along with the National Consumers League and EarthLink Inc., the nation's No. 3 Internet service provider, recently warned
consumers about this increasingly common scam. In addition to EarthLink, Citibank, Morgan Stanley's Discover unit, eBay Inc. and its PayPal unit,
Wachovia Corp.'s First Union unit and the Massachusetts State Lottery reported previous phisher scams in recent months.
The term "phishing" arose from the hacker community's frequent substitution of "ph" for the letter "f" in "fishing" for private data.
Citigroup is urging recipients of the e-mail to delete it immediately and report it to the company's customer service department.
The banking giant also assured that its systems have not been compromised in any way. It urges customers not to send sensitive personal or financial
information online unless it is encrypted on a secure Web site. Regular e-mails are not encrypted and are more like sending a post card, the bank said.
Customers should look for the padlock symbol on the bottom bar of the browser to ensure the site is running in a secure mode before entering any
sensitive information. It also urges customers to "use strong passwords or personal identification numbers" on Internet accounts |
