Scammers Go 'Phishing' on Internet
Citigroup Inc.'s corporate logo is the latest one to be lifted by Internet scammers as a way to steal information from unwitting consumers.
The scam, known as "phishing ," happens when thieves send consumers e-mails that appear to come from major corporations and direct them to bogus Web sites that look like the companies' real sites. The fake sites typically ask individuals to verify or update certain account information with personal data -- in this case including the first four digits of an ATM number -- which the thieves then can use to obtain phony credit cards and other items.
Citigroup said it is working with law-enforcement officials to investigate the fraudulent e-mails, adding that it doesn't ask customers to provide sensitive information in this way.
Though the e-mails' salutation reads, "Dear Citibank customer," several noncustomers received them -- the first clue that they are fake. Still, at first glance they look authentic: They use Citigroup's red and blue corporate logo and have a link to the official Web site. A closer look, however, shows that the sender isn't from Citigroup but from Juno.com and Yahoo.com addresses.
"We are seeing a lot of this, and it's been my contention that this is one of the biggest threats to brands and consumer confidence that we've seen over the Internet," said Stephen Cobb, senior vice president of research and education at ePrivacy Group, an antispam technology company in Philadelphia. "It's very distressing, and it can't help but have an impact on your assessment, not necessarily of the bank, but of online banking with the bank."
Mr. Cobb said his firm, along with several others, makes technologies that work to sort legitimate e-mails from fakes.
Federal officials, along with the National Consumers League and Internet-service provider EarthLink Inc., recently warned consumers about the increasingly common scam.
Besides EarthLink and Citigroup's Citibank unit, which was the victim of a previous phisher scam, other companies reporting such scams in recent months include Morgan Stanley's Discover unit, eBay Inc. and its PayPal unit, Wachovia Corp.'s First Union unit and the Massachusetts State Lottery. The term "phishing " arose from the hacker community's frequent substitution of "ph" for the letter "f" in describing "fishing" for private data.
The fake Citigroup e-mail asks its so-called customers to "become acquainted" and "agree" to its new terms and conditions. If not, the unsigned e-mail says, it "will have to suspend [their] Citibank checking account." It then asks customers to click on a link to post their consent.
Citigroup is urging recipients of the e-mail to delete it immediately and report it to the company's customer-service department.
The banking powerhouse also said its systems haven't been compromised in any way. It urges customers not to send sensitive personal or financial information online unless it is encrypted on a secure Web site. Regular e-mails aren't encrypted and are more like sending a postcard, said Citigroup.
The company added that customers should look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in a secure mode before entering any sensitive information. The company also urges customers to "use strong passwords or personal identification numbers" on Internet accounts.
花旗标识被非法利用盗取消费者信息
花旗集团(Citigroup Inc., C)的公司标识最近被网上欺骗者利用,成为他们盗取不知实情的消费者敏感信息的手段。
这种骗局被称为"网上信息刺探"(phishing),它是这样发生的:窃贼向顾客发出一种看上去是来自大公司的电子邮件,并通过电子邮件将客户指向那些看上去与这家大公司真实网站类似的虚假网站。这些假网站通常要求消费者个人证实某些具有个人数据的帐户信息的真实性,或者是要求消费者将信息进行更新。在花旗的案例中,消费者被要求证实或更新其社会保险(Social Security)号码。欺诈者随后可以使用这些号码获得假冒的信用卡等物品。
花旗集团称,它正在与执法官员合作,对这些欺诈性的电子邮件进行调查。花旗还表示,它并未以这种方式要求客户提供敏感信息。
尽管这些电子邮件开头的称呼是"尊敬的花旗银行(Citibank)客户",但一些并非花旗客户的人收到了这些电子邮件,这是表明这些电子邮件虚假性的第一个线索。
不过,初看起来,这些电子邮件像是真的:它使用了花旗的红蓝公司标识,并拥有一个指向花旗官方网站的链接。但仔细观察就会发现,该电子邮件的发件者并非花旗集团,而是Juno.com和Yahoo.com上的地址。
上述虚假的花旗电子邮件要求其所谓的客户"熟悉"和"同意"其新条款和条件。这些未署名的电子邮件表示,如果客户不同意,客户的花旗银行支票帐户将被暂停使用。这些电子邮件随后要求客户点击一个链接,将有关内容进行张贴。
美国联邦官员、全美消费者联盟(National Consumers League)及美国第三大互联网服务提供商EarthLink Inc. (ELNK)近期就这种日益普遍的欺诈行为向消费者发出了警告。据《华尔街日报》(The Wall Street Journal)报导,除EarthLink和花旗银行外,摩根士丹利(Morgan Stanley, MWD)的Discover子公司、eBay Inc. (EBAY)及其PayPal子公司、, Wachovia Corp. (WB)的First Union子公司及马萨诸塞州彩票发行部门在最近几个月也公布了此前发生的信息窃取骗局。
花旗集团敦促这些电子邮件的收件者收到电子邮件后立即将其删除,并将事件向该公司的客户服务部门报告。
