Citibank Clients Alerted of Phishing E-mails

A security alert has been issued to Citibank customers that hoax e-mails posing as communication from the financial institution are presently hitting inboxes, published zerosecurity.org dated December 15, 2012.

Bearing the caption "Your Citi Credit statement is ready to view online," the bogus electronic mail, addressing the recipient as customer, tells him that he can now view his card statement with Citibank online. Some important details depicted in his statement are: Date-of-the-Statement: Dec 13, 2012; Balance: -$4,476.63; Minimum Payment: $662 and Due-Date-for-Payment: Jan 1, 2013, the e-mail continues.

It then suggests that the customer can be reminded the due-date-for-payment by registering to receive automated alerts like those labeled as "Payment Due reminders with Alerting Service." The registering should be done on www.citicards.com by opting "Account Profile."

But if he doesn't want the e-mail to show particular details from the card statement then he should mention the request of simply being told that he can now see the statement online, the e-mail concludes.

Security analysts remarking about the phishing e-mail attack state that the recipient may pretty well click the web-link labeled 'View Statement' when he finds the remaining fund on his card as negative as well as a big sum apparently due for payment dated Jan 1, 2013. Clicking will, however, lead him onto a site having BlackHole the attack toolkit.

One more intriguing aspect is that the results from the attack are varied based on the type of browser being utilized on the affected computer.

If the fake website gets opened inside Chrome browser, then the victim will find certain page, which directs him for taking down and planting one malevolent Chrome update. But if the browser is some other then the victim will instantly get malware served through un-patched vulnerabilities within Flash or Java software. Evidently, the above twist is possibly because the BlackHole goes through real difficulty contaminating Chrome users.

As per other researchers, the BlackHole exploits Adobe Reader, Java along with browser security flaws, while Chrome little depends on Adobe Reader for viewing Portable Document Files (PDFs) whilst seeks users' consent before executing Java thereby restricting BlackHole's functioning.

» SPAMfighter News - 12/27/2012