So this very "precautionary mail" contains a link.
User clicks link, and the linked page (redirected middle-man copy of a CityBank page) "replaces a bookmark" in his browser. That way, next time he uses the bookmark to go to his banking account, in fact he's banking on the nigerian copying-proxy, that reacts "just like" the citybank server would do (hey, it's just a proxy, but it secretly copies everything entered)
When the user clicks "close" on his NEXT banking login, having used his local bookmark, the nigerian(?) proxy ... continues a few moments, only to check what they can transfer from the account, using the broad citybank "web banking limits" (I remember citybank webbanking allowed overdrafting the account, going red for a serious amount of cash. It was possible to "borrow money" that way, automatically.
i'm not sure wether my thoughts about this "replacing bookmarks" are right, but if it's possible, this kid of mail is dangerous.
Of course, typing the first part of the link yourself already excludes "international characters that look like ours", but the letter says "click" |
