MacHouse video tutorials for Mac search engine optimization Spam database Web Hosting providers Web Hosting review web hosting providers MacHouse Help

December 28, 2008

Phishing Mail Circulated to Scam CitiBank Online Banking Users - Part 1

Filed under: Internet security — Administrator @ 1:35 pm
Posted about 1 years and 8 months ago

anti spam






TOKYO (MacHouse) - More than two hours ago, a cyber criminal group circulated a spam message involving a financial institution in South Dakota, USA. (Screenshot 01 shows the index page of CitiBank’s website.) The subject line of the unwanted message is Security Alert ID: 62216216183. (Screenshot 02.) The message was sent after three failed login attempt, the spam message says. And the mail recipient is advised to click on the hyperlink to unlock an online banking account. The underlying URL is http://kalim.ba/logins.php.





CitiBank South Dakota phishing spam message
Screenshot 01 - Source:
CitiBank, N.A.		   CitiBank South Dakota phishing spam message
Screenshot 02 - Source:
MacHouse		   CitiBank South Dakota phishing spam message
Screenshot 03 - Source:
kalim.ba






Clicking on the hyperlink in the phishing message, one will be directed to a phishing website hosted at the domain of kalim.ba. At the time of our investigation, accessing the domain displayed a 500 internal server error. (Screenshot 03.) That’s most likely to be a script error. And the phishing website to scam CitiBank’s online banking users still exists.  

Our preliminary analysis shows that a phishing website may still exist and is hosted by a web server belonging to Liquid Web of Lansing, Michigan, USA. Furthermore, the origin of the phishing message is most likely to be Turkey (85.106.93.110) or Singapore (team108.com). We will have a more detailed report in several hours.





********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?







Leave a Reply


You are prohibited from posting comments merely to advertise your website. Please read Rules and About This Blog at the top menu bar for more information.

Because of spam-comment criminals, we are forced to manually moderate every comment that you may post. Your comment will appear only after we review and then approve it. It will take us several hours at most to review it.

Please note that all one-sentence comments will be automatically rejected as an anti-spam measure.

Subscribe without commenting