Friday, April 21, 2006

Are Citibank crazy?

I blogged a while ago about Thunderbird's phishing filter trapping a seemingly innocent mail. Now, a reader has forwarded to me a genuine email from Citibank that he says was trapped by Thunderbird. I'm not going to reproduce the email here because it contains private details of the user, but it is a valid Citibank message.

Thunderbird thinks it's a scam because Citibank uses one of the oldest phishing tricks in the book. They display a URL in the message that, when clicked, goes to a totally different URL. Here's the offending HTML:

If you do not wish to receive future account-related email,
select the last option at the following link:
<a href="">

So the geniuses send out a message that disguises the link with the link


Shortly after the disguised link there's the following text which links to various sites with information about protecting yourself online. The first link takes you to a Citibank page which has a sub page about email security.
There are simple steps you can take to protect yourself from fraud while online, such as never sending personal or financial information by email. (We'll never ask for it.) For more information, please review the recommendations of the U.S. Government and others at the following sites:
On the email security page ( there are some examples of actual Citibank phish mails that almost certainly used the same technique of URL hiding that Citibank is employing!

