Just wanted to let you guys know what happened to my boss. She received an email from "citi card" stating she owed a balance on her card. Well she knew it was a mistake because she doesn’t owe anything on a Citi Bank card, (she has an account with them, but owes nothing on her card) but here is the kicker. When she scrolled down to the bottom of the email there is a place that says "click" here for information on this statement. When you wave the mouse over a “link" it read some beauty shop name instead of Citi Bank... needless to say she did nothing and never clicked it, But if she wasn’t thinking she could have easily put her user name and password and someone probably would have had all her information and possible used her name and info to get a card or who knows.

All that being said please spread the word to be super careful in opening emails..

Most important the email was EXACTLY the same email that the real Citi Bank sends out... but when you wave over the real link at the bottom. Citi bank shows up in the box...
Don’t be fooled..

This happens ALL the time. One should NEVER click on a link in an email that pertains to any sort of financial or private data. Those are always spam. Every legitimate banking company states in their privacy/cardholder/accountholder agreement that they will never send you those kinds of emails asking for your username/password or asking you to update account information, and that you should never click on any links in emails that claim to be from them. Legitimate places will either call you directly or send you a piece of mail if there is a problem with your account.

Glad your boss was extra careful, and a good warning to everyone!

I get about 5 of these types of emails in my spam folder a WEEK. It's out of control.

It's crazy how real it looked. It was an on line statement. Showing an amount and with a balance, they didn’t ask for her info on that page, but as soon as you click to see what they are talking about. That’s where they get your username and password and the rest is history.. Very sneaky,
Oh yeah and the next email she had was from the real citi bank that’s how she knew the names were wrong. One (the bad one) said Citi “CARD” and the real one said Citi “BANK”

If you ever get one of these messages, don't open it! Delete it, then go to your normal online site and check there. (I normally do this anyway, just to be on the "safe" side.)

If it WAS legitimate (highly unlikely) then there will be a message in your site specific INBOX with the information.

If you do not have an online login ID for your bank/credit card/etc. then you should know right away that this is a phishing expedition - just trying to get your info.

Over the years we've gotten these as well. Either an email, or a phone call, asking for us to verify certain information. We never, EVER give that information. Instead we either go to our bank's official website or call the bank directly.

In one case it was the bank where my husband has his business accounts held. A few days after that mysterious phone call the front page of the bank's website had a notice in red that there was a recent phone call scam, and reminded customers that the bank would NEVER ask for that type of information over the phone or through email.

I get those all the time from B of A and I don't have an account with them. Like another poster said. It is a phishing expedition. I also get emails about my paypal account being flagged. I just check my account and then delete the email as spam.

I also find a ton of spam mail that I have been sent funds.... those are promptly deleted as well. Who in their right mind is just going to send me money ...lol

I get them from 'Pay Pal' and Amazon often. I also get the message from a stranger in another country that needs my help to get some money. I was actually delighted the first time I got one of those. I'd heard about them for years but had never seen them. I thought it was a hoot. :blush:

If ever one of those notices appears to be legitimate, I do what another poster suggested. I do not click on any links that were sent to me. Instead, I go directly to what I know is the legitimate site for the organization being presented (or call the organization) to see if there really is any issue.

It's still amazing to me how many people actually do fall for it, after all these years of these scams coming out now.

I am really sad for those people who fall for it, but if you are going to use the internet for financial transactions you have to be as careful as you can possibly be. :(

It's called phishing. The privacy statements you get from your financial institutions should tell you how they'll contact you and how you should access the system. It's always best to not click on links in emails and go directly to the site you normally use to log in for that institution.

Phishing is a general email sent out to whoever. Spear phishing is sending emails to people you know who belong to a particular organization (the scammer has a list of people who use Citibank and only sends the emails to those people.) The newest version is "smishing," which is a scam text.