Regarding the above matter, MyCERT received reports of the circulation of a suspicious email purportedly from the CITIBANK.

The email uses a fake and non-existence "from" information. An example of the email is as below:

--------------------------------Example of the Phishing Email------------------------------

-------------------------------------------------------------------------------------------

MyCERT's analysis shows that once clicked to the above phishing site, users will be directed to a link which requests users to enter their username and password information. Upon analysis by MyCERT, the link which requests usernames and passwords is a phishing site which impersonates the actual CITIBANK. The email was not sent by CITIBANK and users should ignore any such emails. Such emails are being sent in order to gain access to your Internet Banking password, this can then be used to access your bank accounts for malicious purposes.

The above latest CITIBANK phishing scam was discovered on 2 September 2004 (US Pacific Time) and is in circulation via emails in Malaysia.

This method of gaining Internet Banking login and password for malicious purposes is called the phishing scam. Such scams use decoy Web pages and spam messages to trick unsuspecting users into releasing sensitive information, such as logon and password information.

List of phishing scams involving other financial institutions around the world is available at:

http://www.antiphishing.org/phishing_archive.htm

MyCERT strongly urge users who receive emails purportedly from a bank requesting to change their logon and password should ignore/delete such emails immediately.Users are also advised to refer and verify any such emails with their ISPs, CERTs or with the Particular Financial Institutions mentioned in any of such emails.

MyCERT can be reached for assistance at:

Web: http://www.mycert.org.my
Email:
Tel: 03-89961901
Fax: 03-89960827
SMS: 019-2813801