UnThreaded | Threaded | Whole Thread (16) | Ignore Thread Prev | Next
Author: rah1420 Big red star, 1000 posts Old School Fool Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: of 311084  
Subject: Re: CitiSpooph - Right?? Date: 7/15/2005 11:03 PM
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Recommendations: 2
Welup, BB, I did a 'whois' on and got a citibankcards.com domain. Going to www.citibankcards.com I got redirected to the Citibank.com site.

The other thing is that it didn't tell you to "click here" to fill in your information.

This is a phishing email:

From: - Thu May 05 22:05:46 2005
X-Account-Key: account3
X-UIDL: GmailId103ae7dbc5cf52e7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Gmail-Received: c506b29349543c66214fce0380a6df2c27651b93
Delivered-To: rah1420@gmail.com
Received: by with SMTP id 2cs3653wrc; Thu, 5 May 2005
13:28:25 -0700 (PDT)
Received: by with SMTP id x57mr704972rnd; Thu, 05 May 2005
13:13:25 -0700 (PDT)
Return-Path: <support_num_7720353423989@southtrust.com>
Received: from 81-1-102-168.homechoice.co.uk
(81-1-102-168.homechoice.co.uk []) by mx.gmail.com with SMTP
id 70si919906rnb.2005.; Thu, 05 May 2005 13:13:25 -0700 (PDT)
Received-SPF: neutral (gmail.com: is neither permitted nor
denied by domain of support_num_7720353423989@southtrust.com)
Message-Id: <427a7e65.11d083a9.5b6b.3706SMTPIN_ADDED@mx.gmail.com>
FCC: mailbox://support_num_7720353423989@southtrust.com/Sent
X-Identity-Key: id1
Date: Thu, 05 May 2005 14:08:17 -0700
From: SOUTHTRUST <support_num_7720353423989@southtrust.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ragu.raikar@gmail.com

This is yours.

From: - Fri Jul 15 20:43:23 2005
X-Account-Key: account2
X-UIDL: 20050716004037014006i0i0e00774g
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from citims2.info.citibank.com (citims2.info.citibankcards.com[](untrusted sender))
by worldnet.att.net (mtiwmxc14) with ESMTP id <20050716004037014003mh4ae>; Sat, 16 Jul 2005 00:40:37 +0000
X-Originating-IP: []
Received: from localHostName ( by citims2.info.citibank.com (LSMTP for Windows NT v1.1b) with SMTP id
<4.006F721F@citims2.info.citibank.com>; Fri, 15 Jul 2005 19:42:19 -0500
To: rmcginn@att.net
Subject: Secure, Instant Access to your Citi Card Statement is Available
From: Citi Cards <citicards@info.citibank.com>
Date: Fri, 15 Jul 2005 19:40:17 -0600
Reply-To: Citi Cards <citicards@info.citibank.com>
Content-Type: text/html; Windows-1252
Content-Transfer-Encoding: 8bit
X-PS-OMK-ID: annmn:[742lme042lme4ssmg0120000042lme0mRVWiRVZm]

You should know how to read an SMTP header. Start from the bottom "received" and work your way up; each one tells you what 'relay' the email went through to get to you.

Yours, for example started at (which is owned by the same owner as citibankcards.com.) It then passed to and thence onto worldnet.att.net (which I guess is your ISP) for delivery to you.

Looks pretty up-and-up.

But look at the one that I received as a phishing attempt.
Started on the bottom again, but this time it was from 81-1-102-168.homechoice.co.uk
at IP address And the return path is southtrust.com. Faint warning bells.

If I check out I see that it is indeed going to homechoice.co.uk which doesn't seem to me to have anything to do with Southtrust Bank.

I think yours is ok, and I think it's worthwhile for everyone to see what's going on with their email. Turn on header view and poke around; you'll see some interesting stuff in there.
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Print the post  
UnThreaded | Threaded | Whole Thread (16) | Ignore Thread Prev | Next


TMF Credit Center
The Motley Fool Credit Center arms you with real tools and simple messages, that will help you in every credit situation.
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Community Home
Speak Your Mind, Start Your Blog, Rate Your Stocks

Community Team Fools - who are those TMF's?
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and Glassdoor #1 Company to Work For 2015! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.