Phishing attack

Chinese crooks are at it again.

This time they are targeting the Australian customers of Citibank with a "phishing" attack.

Briefly: if you get an email from your bank asking you to confirm your account and PIN details online, don't do it.

The gory details:

Recently a member of the NSM received an email, supposedly from Citibank Australia, asking him to confirm credit card and PIN details:

"This maintenance letter was brought to you because we want to ensure that your Citicard is still in use.

Be advised that you need to sign in to your account to confirm card possession.

Please use the link below to proceed and to access your account."

Yeah, right.

#1 The NSM member is not a customer of Citibank.
#2 Any bank only has to check their own records to see if a card is still in use.
#3 He had heard about these scams before.

Sure enough, clicking on the link took him to what appeared to be a Citibank site. The URL certainly looked good.

However, running Neotrace on this site showed that it is hosted in Shanghai.

Why would an Australian bank be hosted in Shanghai??

Neotrace information for the phishing site

 
[whois.apnic.net node-1]
  Whois data copyright terms   
 http://www.apnic.net/db/dbcopyright.html
 
inetnum:      61.129.112.0 - 61.129.119.255
netname:      SHANGHAI-GLOBAL-NET
descr:        Shanghai Global Network Co., Ltd.
country:      CN
admin-c:      JY81-AP
tech-c:       JY81-AP
mnt-by:       MAINT-CHINANET-SH
status:       ASSIGNED NON-PORTABLE
changed:      ip-admin@mail.online.sh.cn 20010720
changed:      hm-changed@apnic.net 20040927
source:       APNIC
 
person:       Ji Yi
address:      3F,333 North Jiangxi Road,
              Shanghai,200085,PRC
country:      CN
phone:        +86-21-33010742
fax-no:       +86-21-63073019
e-mail:       jiyi@81890.net
nic-hdl:      JY81-AP
mnt-by:       MAINT-CHINANET-SH
changed:      sptwxl@online.sh.cn 20000920
source:       APNIC

Neotrace details for the real Citibank

OrgName:    Citicorp Global Information Network 
OrgID:      CGIN
Address:    388 Greenwich
City:       New York
StateProv:  NY
PostalCode: 10013
Country:    US

NetRange:   192.193.0.0 - 192.193.255.255 
CIDR:       192.193.0.0/16 
NetName:    CITICORP-C
NetHandle:  NET-192-193-0-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.NSROOT1.COM
NameServer: NS2.NSROOT2.COM
Comment:    
RegDate:    1992-07-06
Updated:    2003-08-14

TechHandle: KM9-ARIN
TechName:   McKenna, Ken 
TechPhone:  +1-718-248-3866
TechEmail:  hostmaster@cto.citicorp.com 

OrgAbuseHandle: CCC9-ARIN
OrgAbuseName:   CTAC Command Center 
OrgAbusePhone:  +1-212-723-4480
OrgAbuseEmail:  ctaccmdcenter@citigroup.com

OrgTechHandle: PATRI6-ARIN
OrgTechName:   Morris, Patrick A.
OrgTechPhone:  +1-212-816-1780
OrgTechEmail:  patrick.a.morris@citigroup.com

ARIN WHOIS database, last updated 2004-10-25 19:10
  Enter ? for additional hints 
   on searching ARIN's WHOIS database.
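
The comparison made by eye above, as an added example that is not part of the original page: the Python below parses the network fields from excerpts of the two WHOIS replies and reports which registration fields differ and whether the two address ranges overlap. The function names and the field mapping are assumptions of this example.

```python
import ipaddress

# Excerpts of the two WHOIS replies shown above (network objects only).
SUSPECT_WHOIS = """\
[whois.apnic.net node-1]
inetnum:      61.129.112.0 - 61.129.119.255
netname:      SHANGHAI-GLOBAL-NET
descr:        Shanghai Global Network Co., Ltd.
country:      CN
"""
GENUINE_WHOIS = """\
OrgName:    Citicorp Global Information Network
Country:    US

NetRange:   192.193.0.0 - 192.193.255.255
NetName:    CITICORP-C
"""

# APNIC and ARIN label the same facts differently; map both to common names.
ALIASES = {"inetnum": "range", "netrange": "range", "netname": "netname",
           "descr": "org", "orgname": "org", "country": "country"}

def parse_whois(text):
    """Return the first value of each field of interest from a WHOIS reply."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        name = ALIASES.get(key.strip().lower())
        if sep and name and value.strip():
            fields.setdefault(name, value.strip())  # first object wins
    return fields

def networks(rng):
    """Turn 'a.b.c.d - e.f.g.h' into a list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def compare(suspect, genuine):
    """Report which registration fields differ and whether the ranges overlap."""
    differs = [k for k in ("org", "country", "netname")
               if suspect.get(k, "").lower() != genuine.get(k, "").lower()]
    overlap = any(a.overlaps(b) for a in networks(suspect["range"])
                  for b in networks(genuine["range"]))
    return {"differs": differs, "same_network": overlap}

if __name__ == "__main__":
    print(compare(parse_whois(SUSPECT_WHOIS), parse_whois(GENUINE_WHOIS)))
```

A mismatch is a triage signal rather than proof, since legitimate sites are often served from third-party hosting or CDN ranges registered to another organisation or country.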




NSM88.COM    National Socialist Movement, P.O. Box 13768 Detroit, MI. 48213 (651) 659-6307