Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • Videos
  • Most Popular
  • Top Categories
  • Books
  • About Dave
  • Ask Me
  • > Donate <
  • Home
  • Computer and Internet Basics
  • Email about Citibank Payment: Is It Legit?

Email about Citibank Payment: Is It Legit?

December 18, 2018 / Dave Taylor / Computer and Internet Basics / 1 Comment

Hi Dave! I have an account with Citibank which is why the email I received about a pending payment is confusing: it doesn’t look like any other email I get from Citibank. Is it legit?

For what are obvious reasons, there are few targets scammers find more enticing than banks and online banking. Get someone’s bank login info and a criminal can quickly transfer all the savings and zero out every account balance into a complex network of offshore accounts. You log back in a few days later, perhaps after a check bounces or a credit card transaction fails, and – horror! – all your money is gone. That’s why it’s critically important to be highly skeptical of any email that’s ostensibly from any sort of financial institution. Not sure? Log directly into your account by typing in the URL into your Web browser, not clicking on a link from an email message or text message and check your inbox to see if the message shows up. Odds are, it won’t.

All that is just online banking 101 in the modern era, however, and where your particular email message is interesting is that it’s not actually a phishing attempt trying to get your Citibank credentials at all. In fact, it never even asks for your login or account information, because its goal is to infect you with malware. Now that malware might well sniff out account passwords or worse, but let’s follow the path to see how it all works.

To start out, here’s the email message itself (I got the same message. Coincidence? Nope, just a bulk mailing):

citibank email transfer scam malware spam

The more you look at this closely, the more there should be warning alarms in your head. For example, why is it emailed from “fb.sup@marriottmcy.net.ve”? The VE domain is Venezuela. Pretty darn sure that Citibank isn’t going to be sending notification emails from a server in Venezuela. At least, not unless you’re based in Venezuela.

Of course the 7817 is a random four digit sequence, but people who receive this email aren’t going to stop and wonder if that matches their account, because the center of the message demands attention: $3,426.48 paid out?

Then again, you can’t have the same transaction show up as both a credit and debit because those cancel each other out. Again, though, people aren’t going to spend the time to consider that. What are most people going to do? Click on the link.

But instead of doing that, your email program should pop up or otherwise indicate where that link will take you, because what it shows and where you go can be two very different URLs. As this one is, demonstrated in Gmail by the tiny preview URL window on the lower left of the email program when I have the cursor over this “secmail.citibank.com” URL:

citibank spam url

Well, kids-education-support.com definitely does not sound like a Citibank secure email server, does it? 🙂

But… let’s say you didn’t slow down, you didn’t check, you weren’t cautious and just blindly clicked on the link. In this case a sophisticated email environment like Gmail is your friend, popping up this warning:

gmail: suspicious link

But maybe your email program doesn’t do that. Time to switch. Really.

So where do you go if you end up at kids-education-support.com? Turns out that it’s actually a download link, and the next thing that transpires is that you end up with a Word document in your Downloads folder:

malware .doc file

I really, really hope you’re savvy enough to know never open unknown Word docs because it’s guaranteed that they’re going to have Word macro viruses or worse. This one we can safely preview, however, just to check its contents:

office 365 macro virus malware

You caught what it says, yes? It’s telling you to “Enable content” so you can “see what’s inside”. What that really does is enable macros which then lets the document infect your Microsoft Word or Office installation or, worst case, infect your whole computer.

Just. Say. No.

As with so many other spam messages I’ve disassembled here on my site, this is intended to help remind you that every time, every single time, you need to be skeptical of any email from a financial institution. Indeed, it’s about time banks stopped using email at all, or at least stopped including any clickable links at all in their email messages. Regardless, be careful out there!

Pro Tip: I have been writing computer tips for years and they’re all here on the site for your perusal. Please spend a few minutes to check them out!

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
bank malware, bank spam, citibank scam, citibank spam, word macro virus

One comment on “Email about Citibank Payment: Is It Legit?”

  1. RICK Cipolla says:
    December 19, 2018 at 2:14 pm

    Does sp@mloopercom still work ? I forward all suspected emails to them.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How Can I Create Phone Wallpaper in Windows 10?
  • Get Started Building Spreadsheets with LibreOffice Calc on Linux?
  • How can I change Android phone alarm auto-shut off delay?
  • Change MacOS Screen Capture Format to JPEG?
  • Can Windows Defender protect me in Google Chrome?

On Our YouTube Channel

Unboxing The Samsung Galaxy S10 Plus!

Categories

  • AdSense, AdWords and PPC Help (106)
  • Amazon Echo & Kindle Help (68)
  • Android Help (117)
  • Apple Watch Help (47)
  • Articles, Tutorials and Reviews (301)
  • Business Advice (178)
  • Computer and Internet Basics (655)
  • d) None of the Above (157)
  • eBay, Amazon and Online Shopping Help (145)
  • Facebook Help (332)
  • Gmail Tips & Help (110)
  • Google Plus Support (59)
  • HTML and Web Design (236)
  • Instagram Help (40)
  • iPad Help (128)
  • iPhone Help (522)
  • iPod and MP3 Player Help (181)
  • LinkedIn Help (69)
  • Linux Help (125)
  • Linux Shell Script Programming (84)
  • MacOS X Help (748)
  • Most Popular (5)
  • Pinterest Help (50)
  • SEO Tips and Tricks (78)
  • Trade Show Updates (23)
  • Twitter Help (201)
  • Video Game Tips and Reviews (66)
  • Web Site Traffic Tips (61)
  • Windows Help (704)
  • Wordpress Help (194)
  • Writing and Publishing (70)
  • YouTube Help (36)
  • YouTube Video Reviews (159)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram

AskDaveTaylor on Facebook

© 2018 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions