uh oh...my details have been compromised...


travis
Oct 21st, 04, 07:03 PM
At least that is what I was told...


Dear Customer:

Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately.

This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information.

This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension.

Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand.

Please use our secure counter server to indicate that you have signed on, please click the link bellow:

http://219.101.47.75/cgi-scripts

!! Note that we have no particular indications that your details have been compromised in any way.

Thank you for your prompt attention to this matter and thank you for using Citibank(R)

Regards,

Citibank(R) Card Department

(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B.,
Citibank (West), FSB. Member FDIC.Citibank and Arc
Design is a registered service mark of Citicorp.


----------------------- Headers --------------------------------
Return-Path: <support@citibank.com>
Received: from rly-xh01.mx.aol.com (rly-xh01.mail.aol.com [172.20.115.230]) by air-xh04.mail.aol.com (v101_r1.6) with ESMTP id MAILINXH41-4864177bb73ed; Thu, 21 Oct 2004 09:37:41 -0400
Received: from MERKEZ (asy13.as02.apl1.superonline.com [195.33.204.67]) by rly-xh01.mx.aol.com (v101_r1.6) with ESMTP id MAILRELAYINXH18-4864177bb73ed; Thu, 21 Oct 2004 09:37:05 -0400
X-Message-Info: N/a+17+pb/G+30/2126364794638
Received: from smtp-converge.cutout.support@citibank.com ([195.33.204.67]) by p59-cob8.support@citibank.com with Microsoft SMTPSVC(5.0.5377.2453);
    Thu, 21 Oct 2004 11:28:53 -0300
Received: from nucleant300.alistair.support@citibank.com (anaglyph210.support@citibank.com [195.33.204.67])
    by smtp-adduce.appoint.support@citibank.com (Postfix) with SMTP id 280SDB02L7TBZ
    for <camd266@aol.com>; Thu, 21 Oct 2004 10:32:53 -0400
Received: from smtp-kirk.series.support@citibank.com ([195.33.204.67]) by uy4-a95.support@citibank.com with Microsoft SMTPSVC(5.0.3019.9532);
    Thu, 21 Oct 2004 19:28:53 +0500
X-Message-Info: UZWBP+%ND_LC_CHAR[1-3]631+wln+ZG+19/2309806212096
Received: from shorthand.support@citibank.com ([3.224.166.56]) by verb.support@citibank.com with MailEnable ESMTP; Thu, 21 Oct 2004 20:30:53 +0600
Date: Thu, 21 Oct 2004 10:36:53 -0400
Message-Id: <5482617695.17252@support@citibank.com>
From: Customer Support <support@citibank.com>
To: Camd266 <camd266@aol.com>
Subject: Dear customer your details have been compromised
MIME-Version: 1.0 (produced by craniumjapan 2.5)
Content-Type: multipart/alternative;
    boundary="--13813790507369588"
X-AOL-IP: 195.33.204.67
X-AOL-SCOLL-SCORE: 0:0:0:
X-AOL-SCOLL-URL_COUNT: 0


I got real worried, until I remembered that I don't have a Citibank account :rolleyes: :D

WildBillyT
Oct 21st, 04, 07:33 PM
traceroute to 195.33.204.67 (195.33.204.67), 30 hops max, 40 byte packets

4 66.54.173.97 (66.54.173.97) 1.584 ms 1.612 ms 1.544 ms
5 Yipes.hsa1.Philadelphia1.Level3.net (63.209.178.161) 17.772 ms 21.939 ms 22.994 ms
6 ge-6-0-0.mp2.Philadelphia1.Level3.net (64.159.0.153) 22.703 ms 18.842 ms 19.981 ms
7 so-6-1-0.bbr2.NewYork1.Level3.net (209.247.8.66) 22.433 ms 46.505 ms 12.690 ms
8 ge-5-0-0.gar1.NewYork1.Level3.net (209.247.9.210) 19.173 ms 19.547 ms 20.480 ms
9 65.59.192.14 (65.59.192.14) 20.739 ms 13.891 ms 11.325 ms
10 bcr3.tsd.cw.net (195.2.1.15) 86.653 ms bcr1.tsd.cw.net (166.63.210.61) 85.264 ms 92.833 ms
11 iar3.tsd.cw.net (166.63.210.27) 85.145 ms 91.007 ms 101.496 ms
12 166.63.209.10 (166.63.209.10) 201.528 ms 166.63.209.14 (166.63.209.14) 191.198 ms 166.63.209.10 (166.63.209.10) 190.143 ms
13 195.175.7.1 (195.175.7.1) 187.699 ms 191.976 ms 201.728 ms
14 195.175.10.2 (195.175.10.2) 198.143 ms 184.699 ms 186.990 ms
15 195.175.16.102 (195.175.16.102) 386.392 ms
16 asy27.as03.apl2.superonline.com (195.33.209.30) 407.405 ms 409.556 ms *

Looks like it came from a subnet of superonline.com, which looks like it's a Turkish class C IP address (?)
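Added example, not part of any post in this thread: a short Python check of the Received chain from the headers in the first post, showing why 195.33.204.67 is the address worth tracing. It assumes the recipient's provider is AOL (hosts under aol.com), so only lines written by those servers are believed; the function names are illustrative.

```python
import re

# Received lines copied from the headers in the first post (newest first),
# with folded continuation lines joined and the text after "by <host>" trimmed.
RECEIVED = [
    "from rly-xh01.mx.aol.com (rly-xh01.mail.aol.com [172.20.115.230]) by air-xh04.mail.aol.com",
    "from MERKEZ (asy13.as02.apl1.superonline.com [195.33.204.67]) by rly-xh01.mx.aol.com",
    "from smtp-converge.cutout.support@citibank.com ([195.33.204.67]) by p59-cob8.support@citibank.com",
    "from nucleant300.alistair.support@citibank.com (anaglyph210.support@citibank.com [195.33.204.67]) by smtp-adduce.appoint.support@citibank.com",
    "from smtp-kirk.series.support@citibank.com ([195.33.204.67]) by uy4-a95.support@citibank.com",
    "from shorthand.support@citibank.com ([3.224.166.56]) by verb.support@citibank.com",
]

HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")
# Assumption: the recipient's provider is AOL, so only hosts under aol.com are trusted.
TRUSTED_SUFFIX = ".aol.com"


def parse_hop(line):
    """Split one Received line into claimed name, reverse DNS, IP and receiver."""
    m = HOP_RE.search(line)
    if not m:
        return None
    helo, rdns, ip, by = m.groups()
    return {"helo": helo, "rdns": rdns, "ip": ip, "by": by}


def analyze(lines, trusted_suffix=TRUSTED_SUFFIX):
    """Return the last hop written by a trusted server and the suspect hops below it."""
    hops = [h for h in map(parse_hop, lines) if h]
    handoff, suspect = None, []
    for i, hop in enumerate(hops):
        if hop["by"].lower().endswith(trusted_suffix):
            handoff = hop  # written by the recipient's own provider: believable
            continue
        # First hop not written by the provider: it and everything older arrived
        # with the message and could have been typed in by the sender.
        for old in hops[i:]:
            bad_name = "@" in old["helo"] or "@" in old["by"]  # '@' is not legal in a hostname
            suspect.append((old["helo"], old["ip"], bad_name))
        break
    return handoff, suspect
```

The check believes only an unbroken run of provider-written lines from the top, and it matches on the host name alone. A forged line claiming an aol.com receiver directly beneath the genuine ones would extend that run, so confirm the relay IPs against the provider's known ranges before relying on the result.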

travis
Oct 21st, 04, 07:36 PM
Ummm, is that bad?

WildBillyT
Oct 21st, 04, 07:37 PM
Nah. I just thought you might be curious of its origin so I did a little research.

That big list is just the path that my little packet took through the Internet, from my server to the place that sent the message. I omitted the first 3 addresses for safety.

hugger_sixty_nine
Oct 21st, 04, 08:03 PM
I got that one 2 months ago like that, then the other day I got one for PayPal that looked pretty realistic but never bit, then I got another fraud attempt from a TC Classified Ad, and most recently last night, I got a spoof for eBay.

These scammers are relentless. I sent some real colorful replies. lmao

HwyStarJoe
Oct 22nd, 04, 03:06 AM
Ignore it, Travis. I get them all the time and I don't have (and never have had) accounts with any of these businesses.
:rolleyes:

Just the wording of the email you got screams SCAM. Someday maybe when the scammers learn the English language, proper grammar and business writing, they might just come across as legit.

chassisboy
Oct 22nd, 04, 03:47 AM
I got the same e-mails. Most credit cards are brokered thru Citibank. I called the customer service number on the back of my card. They told me this is an ongoing scam and that Citibank does not contact its customers via e-mail.

OverAnxious
Oct 22nd, 04, 04:20 AM
I hate thieves!!!!!!!

CA420
Oct 22nd, 04, 05:16 AM
Travis, if something was wrong Citibank would call you, trust me. Every time I buy something and it is over like 500.00 they call my house within the hour and make sure it was me that bought it.


I get these scams too.
