Phishing Attack: Citibank - ´Safeguard your account´

This phish uses some interesting and dangerous tricks.

The message itself is simple but effective in inciting urgency into the potential victim. The sender address is spoofed (it looks like it really comes from Citibank, while it does not), but the URL link is not hidden. This could raise suspicion, although the message does mention use of a separate server for the ´check´:

The phish site does look the way a Citibank page would look. It does not demand excessive amounts of information, and when you try to type in a bogus CC number, it rejects it. All this seems to point toward the conclusion that this is really a legitimate Citibank site:

However, it is not. It does check the credit card number using a publicly available formula (Yes, even you can tell if a CC number a valid one, if you know the formula - click here for more information). Of course, the phisher can not check whether this is a real card´s number, or (even less) whether it´s your CC number (this is why they phish you in the first place :) ).

But if a real username / password had been entered, the login would have proceeded with no problem. This way, the phish could pass TOTALLY unnoticed.

The suspicious URL remains in the address bar. The phish server is hosted on a server in Hubei Province, China.  Phish website on IP: 219.138.133.5