{"id":6293,"date":"2012-03-08T11:18:43","date_gmt":"2012-03-08T18:18:43","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=6293"},"modified":"2018-10-05T10:53:26","modified_gmt":"2018-10-05T16:53:26","slug":"spamvertised-temporary-limit-access-to-your-account-emails-lead-to-citi-phishing-emails","status":"publish","type":"post","link":"https://www.webroot.com/blog/2012\/03\/08\/spamvertised-temporary-limit-access-to-your-account-emails-lead-to-citi-phishing-emails\/","title":{"rendered":"Spamvertised &#8216;Temporary Limit Access To Your Account&#8217; emails lead to Citi phishing emails"},"content":{"rendered":"<p>Cybercriminals are currently spamvertising a fraudulent email campaign impersonating Citi, using &#8216;<em>Temporary Limit Access To Your Account<\/em>&#8216; themed emails as a social engineering attempt to trick end users into clicking on the link found in the phishing emails.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/citibank_phishing_email_01.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-6294\" title=\"Citibank_Phishing_Email_01\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/citibank_phishing_email_01.png\" alt=\"\" width=\"460\" height=\"206\" \/><\/a><\/p>\n<p>More details:<\/p>\n<p><!--more--><\/p>\n<p><strong>Subject:<\/strong>\u00a0<em>Temporary Limit Access To Your Account<\/em><\/p>\n<p><strong>Spamvertised message:\u00a0<\/strong><em>Dear Client,CitiBank Temporary Limit Access To Your Account.Reason: 1.Unauthorized login attempts.2.Billing failure.We require you to complete an account update so we can unlock your account.To start the Unlock process click on: hxxp:\/\/irta-dositecno.com\/wp-content\/uploads\/2011\/11\/.43www3-credit-35-cards-86-citi-08-com\/Once you have completed this process, we will send you an email notifyingthat your account is available again. After that you can access your accountonline at any time.NB:Failure to provide required information will lead to account suspension automaticallyfrom Our online database.Sincerely,Citibank Customer Services.<\/em><\/p>\n<p><strong>Spamvertised URL:\u00a0<\/strong><em>hxxp:\/\/irta-dositecno.com\/wp-content\/uploads\/2011\/11\/.43www3-credit-35-cards-86-citi-08-com\/<\/em><\/p>\n<p>Upon clicking on the link, users are exposed to a fraudulent Citibank themed web site, requesting their accounting data:<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/citibank_phishing_email_02.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-6295\" title=\"Citibank_Phishing_Email_02\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/citibank_phishing_email_02.png\" alt=\"\" width=\"614\" height=\"491\" \/><\/a><\/p>\n<p>For the time being, only\u00a0<strong><a href=\"https:\/\/www.virustotal.com\/url\/ac35d1692329e89b5cff65569d403f829b815aed71ffdebd736969e093ce7f54\/analysis\/1331147882\/\">Google Safebrowsing&#8217;s<\/a><\/strong> initiative has flagged the web site as a phishing one.<\/p>\n<p><strong><a href=\"https:\/\/www.webroot.com\/us\/en\/home\/products\/complete\">Webroot SecureAnywhere<\/a><\/strong> customers are protected from this threat.<\/p>\n<p><em>You can find more about Dancho Danchev at his\u00a0<strong><a href=\"http:\/\/nl.linkedin.com\/in\/danchodanchev\">LinkedIn Profile<\/a><\/strong>. You can also\u00a0<strong><a href=\"http:\/\/www.twitter.com\/danchodanchev\">follow him on \u00a0Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are currently spamvertising a fraudulent email campaign impersonating Citi, using &#8216;Temporary Limit Access To Your Account&#8216; themed emails as a social engineering attempt to trick end users into clicking on the link found in the phishing emails. More details:<\/p>\n","protected":false},"author":65,"featured_media":17051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3485,3959,10183,3673,10193,10185,3493,3561,5611,10191,10181,10177,3539,10187,10189,10179,10175,3889,3529,4621],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6293"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=6293"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6293\/revisions"}],"predecessor-version":[{"id":25307,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6293\/revisions\/25307"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17051"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=6293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=6293"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=6293"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=6293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}