Anti-Phishing Group warns users!
Citibank - 'Maintenance upgrade'
Email title: 'Maintenance upgrade', last two letters swapped with random others
Scam target: Citibank clients
Email format: HTML e-mail (the source HTML of the message can be seen here)
Sender spoofed? Yes
Scam call to action: 'During our regular update and verification of the Internet Banking accounts, we could not verify your current information... To update your account information and start using our services please click on the link below...'
Scam goal: Getting victim's credit card information (CC number, PIN, expiration date)
Call to action format: URL Link
Visible link: h**ps://web.da-us.citibank.com/cgi-bin/help_desk/verify.asp
Called link : h**p://184.108.40.206/citi/index.php
Phish website: 220.127.116.11
This phish scam is being spreaded widely. It uses some spam tactics to get through spam filters. The most obvius one is the randomization of the last 2 letters in the subject line.
More info in http://www.antiphishing.org/phishing_archive/09-02-04_Citibank_(Citibank.com_Maintenance_upgrade).html