Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • Videos
  • Most Popular
  • Top Categories
  • Books
  • About Dave
  • Ask Me
  • > Donate <
  • Home
  • Computer & Internet Basics
  • Email about Citibank Payment: Is It Legit?

Email about Citibank Payment: Is It Legit?

December 18, 2018 / Dave Taylor / Computer & Internet Basics, Spam, Scams & Security / 1 Comment

Hi Dave! I have an account with Citibank which is why the email I received about a pending payment is confusing: it doesn’t look like any other email I get from Citibank. Is it legit?

For what are obvious reasons, there are few targets scammers find more enticing than banks and online banking. Get someone’s bank login info and a criminal can quickly transfer all the savings and zero out every account balance into a complex network of offshore accounts. You log back in a few days later, perhaps after a check bounces or a credit card transaction fails, and – horror! – all your money is gone. That’s why it’s critically important to be highly skeptical of any email that’s ostensibly from any sort of financial institution. Not sure? Log directly into your account by typing in the URL into your Web browser, not clicking on a link from an email message or text message and check your inbox to see if the message shows up. Odds are, it won’t.

All that is just online banking 101 in the modern era, however, and where your particular email message is interesting is that it’s not actually a phishing attempt trying to get your Citibank credentials at all. In fact, it never even asks for your login or account information, because its goal is to infect you with malware. Now that malware might well sniff out account passwords or worse, but let’s follow the path to see how it all works.

To start out, here’s the email message itself (I got the same message. Coincidence? Nope, just a bulk mailing):

citibank email transfer scam malware spam

The more you look at this closely, the more there should be warning alarms in your head. For example, why is it emailed from “fb.sup@marriottmcy.net.ve”? The VE domain is Venezuela. Pretty darn sure that Citibank isn’t going to be sending notification emails from a server in Venezuela. At least, not unless you’re based in Venezuela.

Of course the 7817 is a random four digit sequence, but people who receive this email aren’t going to stop and wonder if that matches their account, because the center of the message demands attention: $3,426.48 paid out?

Then again, you can’t have the same transaction show up as both a credit and debit because those cancel each other out. Again, though, people aren’t going to spend the time to consider that. What are most people going to do? Click on the link.

But instead of doing that, your email program should pop up or otherwise indicate where that link will take you, because what it shows and where you go can be two very different URLs. As this one is, demonstrated in Gmail by the tiny preview URL window on the lower left of the email program when I have the cursor over this “secmail.citibank.com” URL:

citibank spam url

Well, kids-education-support.com definitely does not sound like a Citibank secure email server, does it? 🙂

But… let’s say you didn’t slow down, you didn’t check, you weren’t cautious and just blindly clicked on the link. In this case a sophisticated email environment like Gmail is your friend, popping up this warning:

gmail: suspicious link

But maybe your email program doesn’t do that. Time to switch. Really.

So where do you go if you end up at kids-education-support.com? Turns out that it’s actually a download link, and the next thing that transpires is that you end up with a Word document in your Downloads folder:

malware .doc file

I really, really hope you’re savvy enough to know never open unknown Word docs because it’s guaranteed that they’re going to have Word macro viruses or worse. This one we can safely preview, however, just to check its contents:

office 365 macro virus malware

You caught what it says, yes? It’s telling you to “Enable content” so you can “see what’s inside”. What that really does is enable macros which then lets the document infect your Microsoft Word or Office installation or, worst case, infect your whole computer.

Just. Say. No.

As with so many other spam messages I’ve disassembled here on my site, this is intended to help remind you that every time, every single time, you need to be skeptical of any email from a financial institution. Indeed, it’s about time banks stopped using email at all, or at least stopped including any clickable links at all in their email messages. Regardless, be careful out there!

Pro Tip: I have been writing computer tips for years and they’re all here on the site for your perusal. Please spend a few minutes to check them out!

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
bank malware, bank spam, citibank scam, citibank spam, word macro virus

One comment on “Email about Citibank Payment: Is It Legit?”

  1. RICK Cipolla says:
    December 19, 2018 at 2:14 pm

    Does sp@mloopercom still work ? I forward all suspected emails to them.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How Can I Prevent Remote Access to my Windows PC?
  • The Easy Way to Add Contacts to my New Android Phone?
  • How Can I Hide or Report An Offensive Advert on Facebook?
  • Switch “Paste” & “Paste and Match Style” Keyboard Shortcuts on MacOS?
  • How Can I Easily Create a QR Code For My Web Page?

On Our YouTube Channel

AUKEY Omnia 100W + Minima 20W Power Chargers -- DEMO & REVIEW

Roborock S6 MaxV Robot Vacuum Cleaner -- DEMO & REVIEW

Categories

  • AdSense, AdWords, and PPC Help (106)
  • Amazon Echo & Kindle Help (79)
  • Amazon, eBay, and Online Shopping Help, (157)
  • Android Help (160)
  • Apple Watch Help (49)
  • Articles, Tutorials, and Reviews (327)
  • Business Advice (192)
  • Computer & Internet Basics (720)
  • d) None of the Above (160)
  • Facebook Help (365)
  • Google, Chrome & Gmail Help (157)
  • HTML & Web Page Design (244)
  • Instagram Help (44)
  • iPad Help (137)
  • iPhone & iOS Help (571)
  • iPod & MP3 Player Help (173)
  • LinkedIn Help (79)
  • Linux Help (149)
  • Linux Shell Script Programming (86)
  • Mac & MacOS Help (833)
  • Most Popular (10)
  • Outlook & Office 365 Help (10)
  • PayPal Help (68)
  • Pinterest Help (53)
  • Reddit Help (12)
  • SEO & Marketing (80)
  • Spam, Scams & Security (84)
  • Trade Show News & Updates (23)
  • Twitter Help (212)
  • Video Game Tips (66)
  • Web Site Traffic Tips (62)
  • Windows 10 Help (831)
  • Wordpress Help (201)
  • Writing and Publishing (72)
  • YouTube Help (43)
  • YouTube Video Reviews (159)
  • Zoom, Skype & Video Chat Help (42)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram


AskDaveTaylor on Facebook



microsoft insider mvp


This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to our terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. Our lawyer says "Thanks for your cooperation."
© 2020 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions - Accessibility Policy