Citibank Security Team—Multiple computers have attempted to log into your account

Interesting... these people sent an email with two links one of which does not correspond at all to its label. I suppose most people do not notice these problems before clicking. And as usual, the emails includes URLs to non-secure pages (http instead of https) and the URLs start with numbers (the IP address here was: 81.113.212.146). Finally, that's the wrong URL for access to citibank. He! He! He!

Also the HTML is quite bad. I left the closing body found at the beginning since I find that quite funny... He! He! He!

So? What else? The subject line is rather weird, never got one like that from my bank... But look at the To: line. Ho! Yeah! undisclosed-recipients;. Thus my bank sends me a message as bulk email. In other words they sent that to many other people I'd guess. It's probably because there are many people like me who just got their account tempered. Wharf! 

Received:			from snap.turnwatcher.com
				by substitute with [XMail 1.22 ESMTP Server]
				id <S12530> for <@mail.m2osw.com:alexis@halk.m2osw.com>
				from <service@citibank.com>; Tue, 19 Dec 2006 17:12:18 -0800
Received:			from mail.com (unknown [69.2.42.182])
				by snap.turnwatcher.com (Postfix) with SMTP id 753CD26AD13
				for <alexis@m2osw.com>; Tue, 19 Dec 2006 17:17:35 -0800 (PST)
Reply-To:			<service@citibank.com>
From:				"service@citibank.com" <service@citibank.com>
Subject:			CitiBank Account Security Measures Notification
				[WEDNESDAY, December 19, 2006 02:45:10 DST -0400 UTC]
Date:				Tue, 19 Dec 2006 19:17:35 -0600
MIME-Version:			1.0
Content-Type:			text/html; charset="Windows-1251"
Content-Transfer-Encoding:	7bit
X-Priority:			1
X-MSMail-Priority:		High
X-Mailer:			Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE:			Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id:			<20061220011735.753CD26AD13@snap.turnwatcher.com>
To:				undisclosed-recipients:;
</body> Dear Citibank Member,


We recently have discovered that multiple computers have attempted to log into your Citibank Credit Card Online Account, and multiple password failures were presented before the logons. We now require you to update your account information .
If this is not completed by December 22, 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.



To continue please <a href="http://81.113.212.146/www.citibank.com/update/index.html">CLICK HERE</a> or on the link :

<a href="http://81.113.212.146/www.citibank.com/update/index.html"> http://www.citibank.com/cards/secure/</a>

Thank You

www.citibank.com

Citibank Security Team

© 2006 Citibank Corporation. All rights reserved.

Submitted by on Wed, 03/07/2007 - 18:48