Wed 26 Apr 2006
“Phishing” is the practice of sending spam email and deceiving the recipients into divulging their personal information to a malevolent source. I get phished frequently, but occasionally the morons who perpetrate this sort of thing rise to a level that almost makes them look valid. Today I got one such phish from Russia.
Here is the letter (I had to edit this later, so most of it is no longer as it originally appeared). See if you can spot the problems. I’ll note the ones I found at the bottom of this.
From: alerts [alerts@citibank.com]
Sent: Friday, April 21, 2006 8:32 AM
To: Jerry Hertzler
Subject: Banking Alert
| Online Security Token will be introduced from April, 1 |
| What is a CitiBusiness Online Security Token? A CitiBusiness Online Security Token is a small handheld device that dynamically generates and displays a one-time use password. All active CitiBusiness Online users will receive information about its use shortly. |
| If your token is out of order or lost, you can receive a new temporary password for your online banking work. |
| Please click here to confirm the information asked for phone banking authorization to be able to receive a new temporary password. |
| If you do not confirm your details until 04/30/2006 your account will be SUSPENDED for security reasons and we will send you an Activation Code by post which you will need to renew your online banking service access. You will receive this within seven days if your current address is not confirmed. |
At the top of this message, you’ll see an E-mail Security Zone.
Its purpose is to help you verify that the e-mail was indeed sent by
Citibank. If you have questions, please call 1-800-374-9700. To
learn more about fraud visit Citibank.com and click “about e-mail
fraud” at the bottom of the screen.
ABOUT THIS MESSAGE
This message is for information purposes only. Please do not reply
to this customer service e-mail. For deposit account specific inquiries, kindly
call 1-800-374-9700 or visit citibankonline.com. For credit card account
specific inquiries, please call 1-800-950-5114.
Citibank, N.A., Citibank, F.S.B., Citibank (West),
FSB, Citibank Texas, N.A. Member FDIC.
Copyright @ 2005 Citicorp
Did you see them?
1. The first one was no different than all phishing schemes. The “click here” link, the hook on which the entire bait rests, goes to a fraudulent site. This one was in Russia. Here is the link.
http://citibusinessonline.da.us.citibank.com.accountinfo.ru/NN7b2g7N…w/citibusinessonline.php?AdditionalInfo=jerry.hertzler@ccci.org
You can see in the address above (with a little geek knowledge to help) that this is a Russian domain (accountinfo.ru). Domain names are read from right to left, starting with the right-most label, in this case “.ru”. Anything to the left is a sub-domain of the one to its right. Thus everything to the left of “accountinfo.ru”, including the “citibank.com” in the middle, is still under the control of accountinfo.ru. (Anything to the right of the first single slash “/” after the host name specifies a location on the web server.)
2. The second problem is true of most phishing schemes; they are written in English by someone for whom English is not their mother tongue. We say “before 4/30/2006” not “until 4/30/2006”. This Russian mobster obviously needed to either study harder himself or hire a better English translator.
3. The third problem reveals just what dopes most phishers really are. Notice the email is copyrighted 2005. Four months into the new year and one of the world’s largest banks, CitiCorp, forgot to update their copyright notice? Not likely.
4. And the biggest problem of all is the subject line: “Banking Alert”. You will never receive an email from CitiBank, or any other trustworthy financial institution, with this subject!
Did I miss any?
Hopefully this was just a waste of time for me and told you nothing new. But maybe you now have a little more information by which to recognize future attacks on your personal information.
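The right-to-left reading from problem 1 can be automated. The following is an added example, not part of the original post: it pulls the host out of a link, lists its labels in the order control is delegated, and flags a trusted name that only appears to the left of someone else's domain. The `TRUSTED` list and the function names are assumptions; the first sample host is the one from the letter with its path shortened, and the other sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domains the real sender uses (both are named in the email text).
TRUSTED = ("citibank.com", "citibankonline.com")

def labels_right_to_left(host):
    """Split a host name into labels, right-most (top-level) first."""
    return host.rstrip(".").lower().split(".")[::-1]

def is_under(host, domain):
    """True if host is the domain itself or a sub-domain of it.
    The match is on a label boundary, so 'notcitibank.com' does not pass."""
    host = host.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def audit_link(url, trusted=TRUSTED):
    """Report which host a link really goes to and whether a trusted
    name is merely embedded as sub-domain labels of another domain."""
    # urlsplit drops the scheme, any user@ prefix, the port and the path.
    host = (urlsplit(url).hostname or "").rstrip(".")
    ok = any(is_under(host, d) for d in trusted)
    # A trusted name to the LEFT of a different domain is bait, not proof.
    embedded = [d for d in trusted
                if not ok and "." + d + "." in "." + host + "."]
    return {"host": host,
            "right_to_left": labels_right_to_left(host),
            "trusted": ok,
            "embedded_trusted_names": embedded}

# Host and file name taken from the letter above; the elided path is left out.
PHISH = ("http://citibusinessonline.da.us.citibank.com.accountinfo.ru"
         "/citibusinessonline.php")

# Constructed sample links for comparison.
SAMPLES = [PHISH,
           "https://WWW.Citibank.com./about",             # genuine, odd casing
           "http://www.citibank.com@accountinfo.ru/login",  # user@ trick
           "http://notcitibank.com/"]                      # look-alike suffix

if __name__ == "__main__":
    for link in SAMPLES:
        r = audit_link(link)
        verdict = "trusted" if r["trusted"] else "NOT trusted"
        print(f"{verdict:12} {r['host']}  embeds={r['embedded_trusted_names']}")
```

A suffix check against a known list avoids guessing where the registered domain starts, which would otherwise need the Public Suffix List for names such as `.co.uk`.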

April 28th, 2006 at 12:25 am
You were right, Jerry! I clicked on the CLICK HERE link just to see where it would go - since it was still active on your site for all of your curious readers. My entire system crashed as I watched my files systematically and unstoppably deleted… well ok, that didn’t really happen, but I might report you for leaving malicious links on your blog!
April 28th, 2006 at 9:56 am
I never clicked it myself.
I ruined the link, so if you really HAD clicked it, I don’t think it would have gone anywhere.