<p>

Got a very convincing Citibank phishing email this morning asking me to verify my Citibank account information due to “the large number of identify theft attempts against Citibank customers.”

  • Displayed a link prominently to Citibank
  • Entire content of message was actually an inline gif
  • When you viewed source still linked to Citibank
  • However there was an image map component pointing to a url encoded (i.e. looked like gibberish) IP address: 207.236.159.100

Failed to be utterly convincing because I don’t have a Citibank account, and my SA config dumps messages with nearly no content into the spam folder. Still I was impressed by the artistry of it all. And they’re finally getting native english speakers to write their copy.