Sponsored by..

Thursday, 13 December 2012

Citibank spam / eaglepointecondo.biz

This fake Citibank spam leads to malware on eaglepointecondo.biz:


Date:      Thu, 13 Dec 2012 16:59:14 +0400
From:      "Citi Alerts" [lubumbashiny63@bankofdeerfield.com]
Subject:      Account Operation Alert

EMAIL SAFETY AREA    
       
ATM/Credit card ending in: XXX8    
       
Notifications System
   
Wire Transaction Issued

Ultimate Savings Account (USA) XXXXXXXXX5
Amount Withdrawn: $4,564.61
Date: 12/12/12


Sign In to Abort Details
   
Wire Transaction Issued

Ultimate Savings Account (USA) XXXXXXXXX5
Amount Debited: $.24
Date: 12/12/12

Login to Overview Operation
   
ABOUT THIS MESSAGE

Please DO NOT reply to this message. auto-notification system can't accept incoming mail.
   
Citibank, N.A. Member FDIC.

� 2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.

====================

From: Citibank - Alerts [mailto:enormityyf10@iztzg.hr]
Sent: 13 December 2012 12:50
Subject: Account Operation Alert
Importance: High

EMAIL SAFETY AREA
        
ATM/Credit card ending in: XXX6   
 
Notifications System

Bill Payment

Checking XXXXXXXXX7
Amount Withdrawn: $5,951.56
Date: 12/12/12

Visit this link to Cancel Detailed information

Bill Payment

Checking XXXXXXXXX7
Amount Debited: $.14
Date: 12/12/12

Login to Review Operation

ABOUT THIS MESSAGE

Please don't reply to this message. auto informer system unable to accept incoming mail.    
            
Citibank, N.A. Member FDIC.
2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.

====================

From: Citibank - Service [mailto:goaliesj79@wonderware.com]
Sent: 13 December 2012 12:59
Subject: Account Alert
Importance: High

EMAIL SAFETY ZONE

ATM/Debit card ending in: XXX8      

Alerting System

Withdraw Message

Savings Account XXXXXXXXX4
Amount Debited: $1,218.42
Date: 12/12/12

Login to Abort Operation

Withdraw Message

Savings Account XXXXXXXXX4
Amount Withdrawn: $.42
Date: 12/12/12

Sign In to Overview Operation

ABOUT THIS MESSAGE
Please DO NOT reply to this message. auto-notification system not configured to accept incoming mail.       
              
Citibank, N.A. Member FDIC.
2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.

The malicious payload is on [donotclick]eaglepointecondo.biz/detects/operation_alert_login.php hosted on 59.57.247.185 in China, the same IP has been used several times for evil recently and you should block it if you can.
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)