Citibank Phishing scam…and how it works!

Just got this exact email this morning in my inbox.

So, I decided I should check out the source code to see if it did contain what you mentioned (about the additional words that were inserted). And yep, they were there, and they seemed as random as random can be!

Another interesting item I found was “Content-Disposition: inline”. I have no idea what that means, so I decided to go look it up.

Sure enough, it was something interesting, and it answers your question as to why Outlook didn’t block the image.

Outlook only blocks external images (e.g. images located on outside servers and so on).

From rfc2183: “If the ‘inline’ disposition is used, the multipart should be displayed as normal; however, an ‘attachment’ subpart should require action from the user to display.” If ‘inline’ rather than ‘attachment’ is used, the image is displayed as soon as the message is opened (this is why Outlook doesn’t show it as an attachment).

Is ‘Content-Disposition: inline’ dangerous in the wrong hands? Most definitely.

Additional points/notes:
– I think in this new generation of security awareness, we should be prompting the user about the image file. Ask them if they want to view the image.

– Perhaps the mail client should treat ‘inline’ and ‘attachment’ content-disposition as the same.
Though, it would perhaps have a negative effect on those who rely on HTML/Rich emails that send inline images.

If it really is going to be an issue, I don’t mind the way Outlook Express just blocks the images and puts up the little bar which states that images have been blocked. Thus, we have the ability to choose if we don’t want to display the image.

– As Leon noted in a comment on that post, a number of random words are inserted into the mail message body. The randomly inserted words are not visible (unless you do a select all, which highlights the words and makes them visible to you).

– For those who have no idea what I’m talking about, go read the post over at about the CitiBank Phishing scam.

Links: rfc2183.
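To make the two observations above concrete (an image part delivered with ‘Content-Disposition: inline’ so it auto-displays, and random words hidden in the HTML body that only show up on select-all), here is an added example of a small checker written for this post; it is not code from the original post or from any mail client. It uses Python’s standard email library on a constructed sample message (the addresses, the Content-ID and the base64 image bytes are placeholders, not taken from the real phishing mail). The page does not say how the hidden words were hidden, so the checker assumes the common tricks of display:none, zero font size, and white-on-white text.

```python
"""Flag two tricks in a MIME message:
   1. image parts whose Content-Disposition is 'inline' (auto-displayed on open,
      never shown as an attachment);
   2. words in the HTML body styled so they are in the source but never rendered
      (the 'invisible until select-all' filler described in the post).
The sample below is constructed for this example."""
import email
import re
from email import policy

# Constructed sample message; addresses, Content-ID and image bytes are placeholders.
SAMPLE_EMAIL = """\
From: "Customer Service" <service@example.invalid>
To: victim@example.invalid
Subject: Please verify your account
MIME-Version: 1.0
Content-Type: multipart/related; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>
<p>Dear customer, please <a href="http://login.example.invalid/">verify</a>.</p>
<img src="cid:logo@example">
<span style="display:none">ostrich parabola tuesday kettle</span>
<font color="#ffffff" size="1">antelope granite whisper</font>
</body></html>

--BOUND
Content-Type: image/gif; name="logo.gif"
Content-Transfer-Encoding: base64
Content-ID: <logo@example>
Content-Disposition: inline; filename="logo.gif"

R0lGODlhAQABAAAAACwAAAAAAQABAAA=
--BOUND--
"""

# Elements whose style makes their text present in the source but invisible on screen
# (assumed hiding techniques: display:none, visibility:hidden, zero font size, white text).
HIDDEN_STYLE = re.compile(
    r'<(span|div|p|font)\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden'
    r'|font-size\s*:\s*0|color\s*=\s*["\']?#?f{6}|color\s*:\s*(?:#f{6}|white))'
    r'[^>]*>(.*?)</\1>', re.I | re.S)


def inline_images(msg):
    """Return (content_type, content_id, filename) for every image part that the
    client would auto-display because its disposition is 'inline', not 'attachment'."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        if part.get_content_disposition() == "inline":
            found.append((part.get_content_type(),
                          (part.get("Content-ID") or "").strip("<>"),
                          part.get_filename()))
    return found


def hidden_words(msg):
    """Return the words wrapped in elements styled so that they do not render."""
    words = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        for m in HIDDEN_STYLE.finditer(html):
            # strip any nested tags, then split the invisible text into words
            words.extend(re.sub(r"<[^>]+>", "", m.group(2)).split())
    return words


def analyze(raw):
    """Parse a raw RFC 822 message and report both indicators."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {"inline_images": inline_images(msg), "hidden_words": hidden_words(msg)}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EMAIL).items():
        print(key, value)
```

Run it against a saved .eml file by reading the file into a string and passing it to analyze(); a mail client that wanted to behave the way the notes above suggest could use the same inline-image check to decide when to prompt before rendering.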

And finally, hope you’ve all learnt something. I know I have 🙂

As they say, you learn something new everyday! (It keeps life interesting :P)

