- This threat is malicious by design: it uses a URL
spoof to trick users who click a hyperlink within
an HTML composed email message
- The hyperlink abuses the user's trust and the design
of URLs with respect to logon syntax
- The construct of the URL spoof directs the web
browser to a hacker's web page instead of Citibank,
the web site referenced in the HTML email
- The email does contain links to picture files stored
on the real Citibank web site - this tactic is considered
social engineering as a method to gain credibility
- An email message composed with the following basic
content was spammed to numerous email addresses
On January 10th 2004 Citibank had to block some accounts in our system connected with money laundering, credit card fraud, terrorism and check fraud activity. The information in regards to those accounts has been passed to our correspondent banks, local, federal and international authorities.
Due to our extensive database operations some accounts may have been changed. We are asking our customers to check their checking and savings accounts if they are active or if their current balance is correct.
Citibank notifies all it's customers in cases of high fraud or criminal activity and asks you to check your account's balances. If you suspect or have found any fraud activity on your account please let us know by logging in at the link below.
Click Here To Login
If the hyperlink is selected, the web browser does not connect to Citibank, but instead visits the web address 18.104.22.168 and references the page "login.htm"
The user would give away logon credentials entered
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
- If the email server allows it, disable HTML format
email so that all messages are viewed in standard
- Recommend users also use plain text when viewing
- Avoid clicking hyperlinks in HTML format email messages - open a web browser and visit the intended web site by entering the URL manually