Suspicious Account Activity Reference XjzIEx8

I got this one today... I wonder how many people get caught by such emails!

The important part, I found, is this:

* PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.

They clearly ask you not to change anything one you are really logged in your account. Which is probably a good idea, because if you give them your credentials first, logging in and changing your password will throw them off a bit!

The other interesting aspect is the email address which includes a strange code:

alerts-5xZKavJ@citibank.com

You wonder how they thought of that one... especially because most businesses will send alerts with accounts such as "noreply@my-business.com" and not some auto-generated email.

The signature at the end is also funny...

FYI, the form was being sent to http://209.140.27.85/cgi-bin/zzz/zzz


Return-Path: <alerts-5xZKavJ@citibank.com>
X-Original-To: alexis@m2osw.com
Delivered-To: alexis@m2osw.com
X-Greylist: delayed 733 seconds by postgrey-1.34 at jc; Wed, 11 Feb 2015 11:00:11 PST
Received: from genmar.net (mail.genmar.net [67.214.96.82])
    (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mail.m2osw.com (Postfix) with ESMTPS id DCAC6CE03EA
    for <alexis@m2osw.com>; Wed, 11 Feb 2015 11:00:11 -0800 (PST)
Received: from [62.108.229.134] ([62.108.229.134])
        by genmar.net (Merak 8.9.0-1) with ASMTP id YUF83325
        for <alexis@m2osw.com>; Wed, 11 Feb 2015 12:46:25 -0600
MIME-Version: 1.0
Received: from [31.91.67.86] by mailhost.hzlues.com with ESMTP; Wed, 11 Feb 2015 18
Message-ID: <73ce96349023427187ea25d7e69c9c11@citibank.com>
X-Originating-IP: [217.30.200.21]
From: "alerts@citibank.com" <alerts-5xZKavJ@citibank.com>
Subject: Suspicious Account Activity Reference XjzIEx8
To: "alexis@m2osw.com" <alexis@m2osw.com>
Date: Wed, 11 Feb 2015 19:47:04 +0100
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_FA97_7572E06D.FBE8365D"

 
Lock image

Your personal details are safe and sound at Citi.

It's a top priority to keep your information private and secure.

 

Authorization Required

 
 
 

In order to provide you with extra security, we occasionally need to ask for additional information when you access your accounts online. 

Please enter the information below and click Continue.

 
 
 

Citibank Online Login:

Please verify your Citibank Online User ID and Password

 

                          

Name:

                          

Address:

Proof of your identity:

/ / mm/dd/yyyy

 

Security Words:

 

Additional Information:

Please verify that you are the true holder of this account      

/ mm/yyyy

                                                                   

                                                                                  

* PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.