Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Citibank Clients Alerted of Phishing E-mails

A security alert has been issued to Citibank customers that hoax e-mails posing as communication from the financial institution are presently hitting inboxes, published zerosecurity.org dated December 15, 2012.

Bearing the caption "Your Citi Credit statement is ready to view online," the bogus electronic mail, addressing the recipient as customer, tells him that he can now view his card statement with Citibank online. Some important details depicted in his statement are: Date-of-the-Statement: Dec 13, 2012; Balance: -$4,476.63; Minimum Payment: $662 and Due-Date-for-Payment: Jan 1, 2013, the e-mail continues.

It then suggests that the customer can be reminded the due-date-for-payment by registering to receive automated alerts like those labeled as "Payment Due reminders with Alerting Service." The registering should be done on www.citicards.com by opting "Account Profile."

But if he doesn't want the e-mail to show particular details from the card statement then he should mention the request of simply being told that he can now see the statement online, the e-mail concludes.

Security analysts remarking about the phishing e-mail attack state that the recipient may pretty well click the web-link labeled 'View Statement' when he finds the remaining fund on his card as negative as well as a big sum apparently due for payment dated Jan 1, 2013. Clicking will, however, lead him onto a site having BlackHole the attack toolkit.

One more intriguing aspect is that the results from the attack are varied based on the type of browser being utilized on the affected computer.

If the fake website gets opened inside Chrome browser, then the victim will find certain page, which directs him for taking down and planting one malevolent Chrome update. But if the browser is some other then the victim will instantly get malware served through un-patched vulnerabilities within Flash or Java software. Evidently, the above twist is possibly because the BlackHole goes through real difficulty contaminating Chrome users.

As per other researchers, the BlackHole exploits Adobe Reader, Java along with browser security flaws, while Chrome little depends on Adobe Reader for viewing Portable Document Files (PDFs) whilst seeks users' consent before executing Java thereby restricting BlackHole's functioning.

» SPAMfighter News - 27-12-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next