Douglas reported that he received SMS message which claimed to be from Citibank, informing them that “your access to Citibank account has been blocked due to the pending verification of your profile”
It shows a popular URL shortener Bit.ly in that SMS message as well. Customers who clicked on the link in the SMS would be redirected to a non-Citibank website.
Such phishing sites are designed to steal customers data such as logins, PINs to perform illegal transactions.
So far, there’s has been 134 clicks to the website as of 2:09 am when we check and the majority of them from Singapore. Apparently, this link and the phishing website were created on 24 June 2018.
In Phishing attacks, criminals send e-mails, SMS purporting to be from legitimate companies to trick someone into providing personal data or implant with a virus that can steal their information
Citibank posted this message on social media on 15 June:
Dear Citi Customers,
We have detected fraudulent activity relating to SMS messages that claim to be from Citi, informing customers that their ‘access to Citibank has been blocked due to the pending update of your (their) profile’.
The text also contains a fraudulent link to a website which is NOT an authentic Citi website. This SMS is not from Citi and we instruct all customers NOT to click on it.
As a security reminder, please be sure that the Citi website you are visiting is authentic by looking for the ‘Locked Padlock’ icon in your web browser.
Please contact CitiPhone Banking at +65 6225 5225 immediately if you suspect any unauthorized activity on your account.
Just last month, DBS warned customers of a phishing scheme targeting POSB Bank customers and mimicking the POSB Internet Banking login site.
The email claimed that banks in Singapore were under attack by hackers, and instructed customers to click on a link to update their accounts and keep their money safe. DBS was aware of the phishing email and took down the website on Thursday evening, the spokesperson said, adding that it actively takes down phishing sites to protect customers.
27,000 bruteforce log-in attempts detected on HealthHub Portal
Ministry of Health’s (MOH) HealthHub portal recently detected multiple unauthorised log-in attempts that affected 72 accounts. A user reported suspicious...