This is what I got in my email today:


Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

Please make sure you have your Citibank ATM/Debit card and recent statement at hand.

To securely update your Citibank ATM/Debit card PIN please go to:

### link was here ###

Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.

Thank you for your prompt attention to this matter and thank you for using Citibank!

Regards,

Theodore Garner
Head of Citi® Identity Theft Solutions


This got me interested, so clicking on the link takes you to a realistic looking page - but which wasn't the https (secure) address as in the email - and I spied with my little eye the fact that clicking on the link the browser flashed up an IP address first, even on broadband there's a second delay before it resolved into the webpage - so a quick look at the source code of the email resulted in the link being an IP address.

I tracked it down in a whois via Network Solutions, and the address doesn't belong to Citibank (surprise!) but some tosser abusing the AsiaPacific IP network - and reading through their policies - they won't do jack to help you if they're being abused.

Soooo - I firstly wonder how many people would be gulible enough to actually fall for shite like this, and is there anyway of getting the tossers who do this and chopping off certain parts of their anatomy?

I would recommend that you forward the email onto your bank. They are always interested to know when there are attempts of this nature. Lloyds TSB are often displaying notices on their online services warning whenever there have been reports to them of emails of this nature.

They often DO have the clout to sort things out, even if it's just getting one account shutdown. When it comes to being unhelpful, to a consumer it is easy for an ISP to get away with it, especially in a remote control. When it comes to a bank or higher level ISP seeking legal action as a result, they tend to be more co-operative, or face having them completely disconnected at an ISP level.

Good plan that man - I'll have a sniff through my banks online resources.

Passing the buck as they say ;)

But don't it just get up your nose that someone managed to throw a random address into the void and you recieve this shite - which luckily I know what it is - but if I remember roughly, a few billion quid per year is lost in ID fraud - so some scumbuckets are getting rich from ordinary tax paying peoples.

I know I shoudn't be, but I'm shamefully impressed that you have a Citibank account.

People do fall for this shit, though. I just don't understand what would posess someone to enter their PIN anywhere but in a cashpoint.

Actually - I don't have a CitiBank account! It's just some random email to me. Hence my indepth investigation ;)

Not quite the same but I phoned my bank, The Co-op (I like to keep my money in my home city - thier head office is my local branch) and the guy on the other end of the phone had the same name as me (not a very common surname), supported the same footy team and lived about 10 miles from me. Should I be worried?

No Citizen - remain calm. All is good, there is nothing to worry about - take two red pills and two hours take two more.

I've only got little white pills and I'm not sure they would calm me down.