Citibanks' online payment service c2it was a victim of a hoax email attack, also known as "phishing," earlier this month. Hoax emails are prevalent on the Internet as identity thieves attempt to trick users into revealing password, banking and credit card information. Thieves commonly disguise emails to look like they are coming from eBay, and they have recently begun targeting ecommerce firms and financial institutions as well.
c2it issued a security alert on its Web site home page on September 2, warning that fraudulent emails were sent and made to look like they came from Citibank. "The c2it organization is working with the proper law enforcement authorities to stop this campaign," the alert read. "In the meantime, keep in mind, that c2it, Citibank, Citigroup or Citi Cards would not send you an email requesting personal information, and any you receive asking for confidential information should raise a red flag."
A spokesperson for c2it said the hoax emails were sent out to a broad audience asking people to click on a link to provide personal information. She said users should delete the emails and call the company if they have questions. She said users should use their existing bookmarks to access the c2it site as a way of avoiding clicking on links leading to fraudulent sites.
PayPal was one of the first financial-services companies to be targeted by spoof emails as early as June 2002. According to Snopes, a Web site set up to dispel urban legends, rumors and misinformation, this is an old con using new technology. "It's all about getting potential victims to hand over their banking and credit information," said Snopes. It goes on to say that in pre-Internet days, cons used phones to call people who live near a particular bank, posing as employees of the bank who needed to confirm their account information. "We tend to accept the way people present themselves at face value, so only a handful of us think to question someone who greets us by name, identifies himself as working at our bank and informs us there is something wrong with our bank accounts."
The old con found new life on the Internet, and identity thieves have expanded it by targeting companies besides eBay and PayPal. In June, BestBuy was a target of phishing. The Guardian, an English newspaper, reported that banking firm Barclays was targeted last week. AOL and other ISPs have been targeted.
An FTC Consumer Alert, “How Not to Get Hooked by a "Phishing" Scam,” warns consumers who receive email that claims an account will be shut down unless they reconfirm their billing information not to reply or click on the link in the email. Consumers should contact the company that supposedly sent the message using a telephone number or Web site address they know to be genuine. More tips to avoid phishing scams can be found at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.
PayPal and eBay continue to be targets. Australia's newspaper The Age reported that hoax emails were sent today claiming to be from eBay and asking recipients to update their accounts.
