Cybercriminals are using a fake Citibank website to access your bank account

Mail Online | 1/23/2020 | Stacy Liberatore For
dewbydewby (Posted by) Level 4
Click For Photo:

A new threat is hiding behind Citibank in order to access consumers' bank accounts.

An email scam, claiming to be from the American bank, includes a link to what appears to be an authentic-looking website with 'update-citi .com' as the domain address.

Site - Tricks - Online - Banking - Credentials

The fraudulent site tricks victim's into entering their online banking credentials and then request their personal information.

Users are asked to provide their full name, address, date of birth, last four digits of this social security number, their debit card number and other card information that is typically requested like security codes, according to BleepingComputer that first shared the scam.

Citibank - Spokesperson - DailyMail - Com - Email

A Citibank spokesperson told in an email: 'We encourage our customers to be alert to all types of fraud scams, including suspicious websites and emails, and provide them with detailed information about how to recognize and protect themselves and report such scams.'

'We proactively review customer accounts for fraudulent activity and take appropriate action to protect our customers

Scam - TLS - Certificate - Domain - Lock

The scam uses a TLS certificate for the domain so that a lock appears next to the address, deceiving users into thinking it is a secure website.

'While this should not make a web site appear more legitimate as it only means submitted data is encrypted, for many users a lock symbol tends to lend authenticity to a page,' BleepingComputer said in a blog post.

Consumers - Hand - Information - Form - Attackers

Once consumers hand over their information, each form is given to the attackers server that will then verify the information is authentic.

'It is believed, but not confirmed, that during this period the phishing page will attempt to login to Citibank using the credentials provided by the victim. This is done in the background similar to this Steam phishing scam,' explained BleepingComputer.

Pratik - Savla - Security - Engineer - Cybersecurity

Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News: 'The tool is very easy to set up...
(Excerpt) Read more at: Mail Online
Wake Up To Breaking News!
The only change you ever get from the goverment is what's in your pocket, and worth less every day.
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!