ScamLetters.com - Email Scams, Email Hoaxes, Internet Fraud, Phishing, Identify Theft

Scamletters.com is an online searchable database and central reporting resource for email scams. We report the latest scams, including Advance Fee Fraud, Lottery Scams, Phishing, Identify Theft, Employment & Auction Scams and other Internet Fraud received by email. Our site is updated daily. The database is available to law enforcement agencies around the world to conduct online investigations into reported email hoaxes. Visitors may report scams by signing up for an account and submitting scam emails directly to our database. Alternatively, scam messages can be forwarded to our central scam letters email address.

Reporting scam emails: Please forward all received to scamletter@gmail.com. Please include full headers along with email messages.


Scam emails in base: 4393 | Browse: [email addresses] [phones] [abused names] [IP addresses] | Latest Email Scams Feed

Your Account Was Hijacked !

(mail 564) received Sun, 9 Sep 2007 16:59:25 -0400
onlineacces@citigroup.com


  1. received: by 10.115.106.5 with SMTP id i5cs132369wam; Sun, 9 Sep 2007 15:27:00 -0700 (PDT)
  2. received: by 10.90.119.15 with SMTP id r15mr8879656agc.1189376819975; Sun, 09 Sep 2007 15:26:59 -0700 (PDT)
  3. received: from arbaas02.awardsupport.com.ar (mail.awardsupport.com.ar [24.232.12.9]) by mx.google.com with ESMTP id i14si3881929wxd.2007.09.09.15.24.58; Sun, 09 Sep 2007 15:26:59 -0700 (PDT)
  4. received: from User ([24.168.197.64]) by arbaas02.awardsupport.com.ar with Microsoft SMTPSVC(6.0.3790.3959); Sun, 9 Sep 2007 18:00:18 -0300
  5. return-path: <onlineacces@citigroup.com>
  6. return-path: onlineacces@citigroup.com
  7. received-spf: softfail (google.com: domain of transitioning onlineacces@citigroup.com does not designate 24.232.12.9 as permitted sender) client-ip=24.232.12.9;
  8. authentication-results: mx.google.com; spf=softfail (google.com: domain of transitioning onlineacces@citigroup.com does not designate 24.232.12.9 as permitted sender) smtp.mail=onlineacces@citigroup.com
  9. from: "Citibank"<onlineacces@citigroup.com>
  10. subject: Your Account Was Hijacked !
  11. date: Sun, 9 Sep 2007 16:59:25 -0400
  12. mime-version: 1.0
  13. content-type: text/html; charset="Windows-1251"
  14. content-transfer-encoding: 7bit
  15. x-priority: 3
  16. x-msmail-priority: Normal
  17. x-mailer: Microsoft Outlook Express 6.00.2600.0000
  18. x-mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
  19. bcc:
  20. message-id: <ARBAAS024clEWM3Unli0000139a@arbaas02.awardsupport.com.ar>
  21. x-originalarrivaltime: 09 Sep 2007 21:00:18.0619 (UTC) FILETIME=[6D94D0B0:01C7F324]
Dear Citi
valued customer,

We recently noticed one or more attempts to log in your
Citi account from a foreign IP address and we have
reasons to believe
that your account was hijacked by a third party without
your
authorization. If you recently accessed your account while
traveling, the log
in attempts may have initiated by you.

However if you are the rightful holder of the account, click on
the link below and submit, as we try to verify your account.




Log on to Citi Internet Banking and fill in the required informations. This is required for us to continue to offer you a safe and risk free environment.

The log in attempt was made from:

IP address: 89.30.50.107
ISP host: 89.30.50.107.drmnet.org

If you choose to ignore our request, you leave us no
choice but to
temporally suspend your account.
We ask that you allow at least 48hrs for the case to be
investigated and
we strongly recommend not making any changes to your
account in that
time.

* Please do not respond to this
email as your
reply will not be received.

Thank you for your patience as we work together to protect
your account.
 



Copyright © 2007 CitiBank. All rights reserved.