Re: FW: Abuse report email for CitiBank/CitiCards?

["Jim Gonzalez" <gonzj () dslinmaryland com>]

I just received this a few hours ago not sure if it is legit. Here is the
header info if someone would like to invesigate. Seems like the like is down
already.

Jim Gonzalez


Return-Path: <Royce_Witte () aol com>
Received: from charter.com (gateway-system.cpe.leeds.al.charter.com
[68.117.191.116])
 by kabe.impactbusiness.com (8.12.9/8.12.9) with SMTP id i0C7n4iJ045950
 for <daemon () ttmi com>; Mon, 12 Jan 2004 02:49:06 -0500 (EST)
 (envelope-from Royce_Witte () aol com)
Received: from gateway-system.cpe.leeds.al.charter.com
(gateway-system.cpe.leeds.al.charter.com [68.117.191.116])
        by charter.com (8.12.8p1/8.12.8) with ESMTP id tkxer49024
        for <daemon () ttmi com>; Mon, 12 Jan 2004 07:41:20 -0400 (EST)
Date: Mon, 12 Jan 2004 07:41:18 -0400 (EST)
From: Citibank <citibank124 () aol com>
X-Mailer: The Bat! (v1.61) Personal
Reply-To: Royce_Witte () aol com
X-Priority: 3 (Normal)
Message-ID: <0396188460.47569226428824 () aol com>
To: daemon () ttmi com
Subject: Important Fraud Alert from Citibank
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------92223519829"
X-UIDL: 9G/"!]o,"!Wp4!!^T+"!

------------92223519829
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: base64


Email
      Dear Citibank Account Holder,



      On January 10th 2004 Citibank had to block some accounts in our system
connected with money laundering, credit card fraud, terrorism and check
fraud activity. The information in regards to those accounts has been passed
to our correspondent banks, local, federal and international authorities.

      Due to our extensive database operations some accounts may have been
changed. We are asking our customers to check their checking and savings
accounts if they are active or if their current balance is correct.

      Citibank notifies all it's customers in cases of high fraud or
criminal activity and asks you to check your account's balances. If you
suspect or have found any fraud activity on your account please let us know
by logging in at the link below.


      https://citibank.com/signin/citifi/scripts/login2/login.htm






----- Original Message ----- 
From: "Nicholas Weaver" <nweaver () CS berkeley edu>
To: "Sullivan, Barbra A" <barbra.a.sullivan () citigroup com>
Cc: <bugtraq () securityfocus com>
Sent: Monday, January 12, 2004 5:26 PM
Subject: Re: FW: Abuse report email for CitiBank/CitiCards?


> On Mon, Jan 12, 2004 at 01:52:01PM -0500, Sullivan, Barbra A composed:
> > All,
> >
> > To report such issues for Citibank or Citicards, please refer to the
about email fraud link on www.citibank.com or www.citi.com.
> >
>
> Having used those links in the past and gotten a black hole (no ack,
> and no way to really include header information and similar material,
> for a phishing variant which was not listed among the known variants,
> and included compromised site information), there really needs to be a
> better way.
>
> As mentioned, I got better luck from the hosting firm, but that's
> still not very satisfactory.
>
> -- 
> Nicholas C. Weaver                                 nweaver () cs berkeley edu