Thunderbird thinks it's a scam because Citibank uses one of the oldest phishing tricks in the book. The have a URL displayed in the message then when clicked goes to a totally different URL. Here's the offending HTML:
If you do not wish to receive future account-related email,
select the last option at the following link:
So the geniuses send out a message that disguises the link http://info.citicards.com/ with the link http://www.email.citicards.com/.
Shortly after the disguised link there's the following text which links to various sites with information about protecting yourself online. The first link takes you to a Citibank page which has a sub page about email security.
SECURITY/ PROTECTING YOURSELF ONLINEOn the email security page (http://www.citibank.com/us/cards/cardserv/advice/safe_email.htm) there are some examples of actual Citibank phish mails that almost certainly used the same technique of URL hiding that Citibank is employing!
There are simple steps you can take to protect yourself from fraud while online, such as never sending personal or financial information by email. (We'll never ask for it.) For more information, please review the recommendations of the U.S. Government and others at the following sites: