Online Identity Theft Scam Afoot

Posted on August 28, 2013 in IP & Social Media

A flurry of emails masquerading as anti-identity theft procedures are actually designed to fraudulently capture personal information. Citibank is only one among the many companies hit by this viral hoax.

What do the emails look like?

As an example of the e-mails circulating over the past month, the Citibank e-mails deceptively contain (or look like) the Citi® logo and are written in the impersonal tone often associated with major financial services institutions. They may (purportedly) come from “Customer Support” or “Citi® Identity Theft Solutions.”

The announcements start with preying on recent fears — identity theft and terrorism. “Recently, there have been a large number of identity theft attempts targeting Citibank customers,” it begins ominously. Or, in another version: “. . . there have been a large number of computer terrorist attacks over our database server.” “In order to safeguard your account . . .” the message continues, inspiring people to follow its directions to protect their assets.

Regrettably, those who sign on to the Customer Verification Form may also be easily duped, as the link takes the customer to a Citibank-looking site, replete with the (apparent) logos and color schemes of the company.

How can I tell they’re fake?

A careful look at these email announcements reveals the flaws in their scheme. First, they insist that customers input their account (e.g., ATM/Debit card and PIN) information online. In a conversation with Citibank management, we learned that, if there were a real threat to information invasion, people would be asked to make an in-person visit to their bank branch and provide photo ID.

In addition, the grammar of the letter makes no sense. It inspires fear and prompt action by stating that the procedure is “mandatory”; otherwise “your account may be subject to temporary suspension.” Yet, it requires that the customer provide the information “within the nearest time” in order to avoid account suspension. If there truly were a deadline, our sources have told us, there would have been a particular date and time specified. Moreover, the announcement applies to Citibank ATM/Debit cards only, not to the credit cards. In other words, easy cash for the thieves. There is no need for anyone other than you to know your PIN number.

A further tip-off can be seen at the end of the email. Between the end of the “signature” and, perhaps an alleged Citibank copyright notice, they may contain advertisements, like the footers on a Yahoo or MSN email message, such as “Let your home pay for something now . . . . Get $50+.” Or, they contain a litany of words strung together containing absurd punctuation and capitalization: “excuse me The Beatles in 1882 cats and dogs I’m sorry without any Moon Landing . . . .” If the message really came from Citibank (or companies of its ilk), it would not contain gibberish like that.

The following couple of weeks, particularly in New York City with the Republican Convention and the upcoming Labor Day holiday, may be ripe for scams. So watch your wallets – and if notices come from your bank via email, make the effort to go to the bank in person to clarify the situation. Most important: DO NOT EVER GIVE YOUR SOCIAL SECURITY, BANK ACCOUNT, ATM, OR PIN NUMBERS OVER THE INTERNET without verifying the source of the request. Always check directly by telephone or in person with anyone purporting to require this information.

To get the latest posts delivered right to your inbox, enter your email in the box below:

back to top