Suspicious Account Activity Reference XjzIEx8
I got this one today... I wonder how many people get caught by such emails!
The important part, I found, is this:
* PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.
They clearly ask you not to change anything once you are really logged in to your account. Which is probably a good idea, because if you give them your credentials first, logging in and changing your password will throw them off a bit!
The other interesting aspect is the email address which includes a strange code:
alerts-5xZKavJ@citibank.com
You wonder how they thought of that one... especially because most businesses will send alerts with accounts such as "noreply@my-business.com" and not some auto-generated email.
The signature at the end is also funny...
FYI, the form was being sent to http://209.140.27.85/cgi-bin/zzz/zzz
Return-Path: <alerts-5xZKavJ@citibank.com>
X-Original-To: alexis@m2osw.com
Delivered-To: alexis@m2osw.com
X-Greylist: delayed 733 seconds by postgrey-1.34 at jc; Wed, 11 Feb 2015 11:00:11 PST
Received: from genmar.net (mail.genmar.net [67.214.96.82])
    (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mail.m2osw.com (Postfix) with ESMTPS id DCAC6CE03EA
    for <alexis@m2osw.com>; Wed, 11 Feb 2015 11:00:11 -0800 (PST)
Received: from [62.108.229.134] ([62.108.229.134])
    by genmar.net (Merak 8.9.0-1) with ASMTP id YUF83325
    for <alexis@m2osw.com>; Wed, 11 Feb 2015 12:46:25 -0600
MIME-Version: 1.0
Received: from [31.91.67.86] by mailhost.hzlues.com with ESMTP; Wed, 11 Feb 2015 18
Message-ID: <73ce96349023427187ea25d7e69c9c11@citibank.com>
X-Originating-IP: [217.30.200.21]
From: "alerts@citibank.com" <alerts-5xZKavJ@citibank.com>
Subject: Suspicious Account Activity Reference XjzIEx8
To: "alexis@m2osw.com" <alexis@m2osw.com>
Date: Wed, 11 Feb 2015 19:47:04 +0100
Content-Type: multipart/mixed; boundary="----=_NextPart_000_FA97_7572E06D.FBE8365D"
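The signs pointed out above can be checked mechanically. The following is an added example, not part of the original post: the function name `phishing_indicators`, the indicator labels and the heuristics themselves are assumptions chosen for illustration, and the relay check assumes a Postfix-style `Received:` line like the one in this message.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Headers from the message above, abridged to the fields the checks use.
RAW = """\
Return-Path: <alerts-5xZKavJ@citibank.com>
Received: from genmar.net (mail.genmar.net [67.214.96.82])
    by mail.m2osw.com (Postfix) with ESMTPS id DCAC6CE03EA
Received: from [62.108.229.134] ([62.108.229.134])
    by genmar.net (Merak 8.9.0-1) with ASMTP id YUF83325
From: "alerts@citibank.com" <alerts-5xZKavJ@citibank.com>
Subject: Suspicious Account Activity Reference XjzIEx8
"""
FORM_ACTION = "http://209.140.27.85/cgi-bin/zzz/zzz"  # form target quoted in the post


def phishing_indicators(raw_headers, form_action=None):
    """Return a list of heuristic warning labels for one message."""
    msg = message_from_string(raw_headers)
    display, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    found = []
    # The display name imitates an address that differs from the real one.
    if "@" in display and display.lower() != addr.lower():
        found.append("display-name-mismatch")
    # The topmost Received header is written by the recipient's own server;
    # the name in parentheses is what that server saw for the connecting host.
    hop = re.search(r"from\s+\S+\s+\(([^\s\[]+)\s+\[", (msg.get_all("Received") or [""])[0])
    relay = hop.group(1).lower() if hop else ""
    if relay != domain and not relay.endswith("." + domain):
        found.append("relay-outside-sender-domain")
    # The credential form posts to a bare IP address and/or over plain HTTP.
    if form_action:
        url = urlparse(form_action)
        try:
            ipaddress.ip_address(url.hostname or "")
            found.append("form-posts-to-ip")
        except ValueError:
            pass
        if url.scheme != "https":
            found.append("form-not-https")
    return found
```

A relay outside the sender's domain is only a hint, since legitimate senders often use third-party mail services; it is the combination of indicators that matters here.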