Citi Bank Phishing Scam

Citi Bank customers and others, beware! There is a domain called paypal-up10.com moving some kind of phishing scam through the Internet of which I have been recently made aware. The body of the email reads as follows:

Important Information Regarding Your Citi Bank Credit Card
Dear CitiBank Client ,

This is your official notification that the service(s) listed below
will be deactivated and deleted if not renewed immediately. Previous
Notifications have been sent to the Billing Contact assigned to this account.

As the Primary Contact, you must renew the service(s) listed below.

SERVICE: Citi Bank Credit Card
Expiration Nov 1st 2007

What you need to do:

It’s easy to renew your Online Banking Services by click on the link bellow :
http://www.citicards.com/us/HOME

– Go to Account Login
– Update/Verify Your Information

Thanks
Citi Bank 2007

The link in the above email does not, of course, point to citicards.com. It points to the following:
http://www.citicards.com.ID.F44F934Y127FJEWJHEJW.paypal-up10.com/service/login.htm

Note that there are several “dots” in that URL. That’s because all that stuff before paypal-up10.com is what is known in the computer networking world as “host information.” In this case, its designed to look like the citicards.com URL and disguise the actual domain name. I don’t recommend playing around with it too much, but the root of the domain is just your basic catch-all splog.

If you’d like to know more, contact the people at the WHOIS registrant information found here:

Registrant:
Marketing Total S.A. (PAYPAL-UP10-COM-DOM)
P.O. Box 556
Main Street
Charlestown, West Indies
KN
+852.30106405
+852.30106405
soluciones@MarketingTotalsa.com

Domain Name: PAYPAL-UP10.COM
Status: PROTECTED

Administrative Contact:
Marketing Total S.A. soluciones@MarketingTotalsa.com
P.O. Box 556
Main Street
Charlestown, West Indies
KN
+852.30106405
Fax- +852.30106405

Technical Contact, Zone Contact:
Marketing Total S.A. soluciones@MarketingTotalsa.com
P.O. Box 556
Main Street
Charlestown, West Indies
KN
+852.30106405
Fax- +852.30106405

Record last updated on 31-Oct-2007.
Record expires on 29-Oct-2008.
Record created on 29-Oct-2007.

Domain servers in listed order:
Name Server: NS-1.SECUREHOSTINGSERVER.COM
Name Server: NS-2.SECUREHOSTINGSERVER.COM
Name Server: NS-3.SECUREHOSTINGSERVER.COM

By Tommy Belknap

Owner, developer, editor of DragonFlyEye.Net, Tom Belknap is also a freelance journalist for The 585 lifestyle magazine. He lives in the Rochester area with his wife and son.

1 reply on “Citi Bank Phishing Scam”

Comments are closed.