Spoof email trying to steal money

This email is pretty well constructed. It appreas like this:

and when you move your mouse over it, you can see it will direct you to

https://web.da-us.citibank.com/signin/scripts/login/confirm/user_data.jsp

Everything seems so normal. So you click it, and two browser windows open: One is http://www.citi.com/domain/index.htm, the official homepage of Citi Group, another is a form asking you to input your ATM card number, password, your personal information...

This is the form which will steal your money. When you see the official homepage of Citi Group, you might believe that the form is also created by Citi Group, then you might trust the form and input your personal information.

When you click that link, you're not visiting Citi's website. Actually, you are redirected to another address:

http://68.14.198.*:87/cit/index.htm

In this malicious webpage, the above form is pop up, and you're directed to Citi Group's website.

Tracing the email, I found the email is sent out from a client of Shaw, a famous ISP in Canada, and it's sent to a mail server in China, using a false email address as: Citibank <antifraud.ref.num276686715370@citibank.com> After all this, the server which is hosting the malicious webpages is a client of COX in New Orland, USA.


In such a crazy world, don't ever trust anything easily.