Click For Photo: https://i.dailymail.co.uk/1s/2020/01/23/19/23790234-0-image-a-11_1579808483226.jpg
A new threat is hiding behind Citibank in order to access consumers' bank accounts.
An email scam, claiming to be from the American bank, includes a link to what appears to be an authentic-looking website with 'update-citi .com' as the domain address.
Site - Tricks - Online - Banking - Credentials
The fraudulent site tricks victim's into entering their online banking credentials and then request their personal information.
Users are asked to provide their full name, address, date of birth, last four digits of this social security number, their debit card number and other card information that is typically requested like security codes, according to BleepingComputer that first shared the scam.
Citibank - Spokesperson - DailyMail - Com - Email
A Citibank spokesperson told DailyMail.com in an email: 'We encourage our customers to be alert to all types of fraud scams, including suspicious websites and emails, and provide them with detailed information about how to recognize and protect themselves and report such scams.'
'We proactively review customer accounts for fraudulent activity and take appropriate action to protect our customers
Scam - TLS - Certificate - Domain - Lock
The scam uses a TLS certificate for the domain so that a lock appears next to the address, deceiving users into thinking it is a secure website.
'While this should not make a web site appear more legitimate as it only means submitted data is encrypted, for many users a lock symbol tends to lend authenticity to a page,' BleepingComputer said in a blog post.
Consumers - Hand - Information - Form - Attackers
Once consumers hand over their information, each form is given to the attackers server that will then verify the information is authentic.
'It is believed, but not confirmed, that during this period the phishing page will attempt to login to Citibank using the credentials provided by the victim. This is done in the background similar to this Steam phishing scam,' explained BleepingComputer.
Pratik - Savla - Security - Engineer - Cybersecurity
Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News: 'The tool is very easy to set up...
Wake Up To Breaking News!