Our News
FST Key to Hot FBI Cyber-Terror Issue
Comments by FBI Cyber Crimes Assistant Director Shawn Henry made last October to reporters centered on a noticeable rise in cyber-terrorism and specifically cited "spear phishing" as a rapidly rising threat.
ISR's Forensic Sender Test™ helps UCE control systems combat all types of email identity crimes. Providing FST service in your mail system component or service not only brings tremendous value to your customers, but also affords an opportunity to show initiative on a “hot button” issue.
Contact us to learn more.
Case Study - Citibank
NOTE: THIS PAGE CONTAINS FRAUDULENT EMAILS. IF YOU CHOOSE TO FOLLOW THE LINKS IN THESE EMAILS, TREAT THE RESULTING TARGETS AS HOSTILE! THE URLs HAVE BEEN DE-LINKED FOR YOUR SAFETY.
The following samples are random Citibank spoofs spotted by the FST in our mail system. The FST inputs are colored in red and the FST result is bold. In addition, our mail system checks a series of popular blacklist services and that result also appears in bold. Interestingly, many of these random samples show that the sending IP had not yet been picked up by an RBL. Also of interest are the random series of characters that follow many of the messages. These characters appear as white text on a white background in the original emails (to hide them from the user) and their purpose is to defeat even the most complex email content filters. But because the FST doesn't care about content, these measures do nothing to change the verdict that the message is a criminal device.
During the same time period that these phishing emails were spotted, there were also legitimate Citibank emails. We have included only the headers from one here because of obvious privacy issues, but they were all correctly identified by the FST as having come from an IP address controlled by an authorized Citibank email source.
Finally, and perhaps most importantly to Citibank, the test did NOT rely on any registered configurations (such as SPF records) from Citibank in order to spot the phishing emails OR to decide that the legitimate emails were valid. Citibank could reconfigure their entire email topography hourly and the FST's effectiveness would remain completely intact.
Sample of a VALID Citibank email (header only)
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 4 Dec 2007 11:59:50 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 63187D40-9CA3-487B-85AF-9E389CC5B231; 04 Dec 07 11:59:50 -0500 Return-Path: <citicards@info.citibank.com> Received: from SMTP32-FWD by jaxcentral.com (SMTP32) id A8784018F0000C67B; Tue, 4 Dec 2007 11:59:49 -0500 Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A7840694; Tue, 04 Dec 2007 11:59:48 -0500 Received: from bigfootinteractive.com at 206.132.3.184 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 73CD43DC-5769-45C2-9E50-B975F94ACDE8; 04 Dec 07 11:59:31 -0500 Reply-To: citicards.WBTH050DB229C28B81C2637EE53B30@info.citibank.com Bounces_to: citicards@info.citibank.com Message-ID: <WBTH050DB229C28B81C2637EE53B30.780.16609.pimailer58.DumpShot.2@info.citibank.com> X-BFI: WBTH050DB229C28B81C2637EE53B30 Date: Tue, 04 Dec 2007 11:41:35 EST From: =?iso-8859-1?B?Q2l0aSBDYXJkcw==?= <citicards@info.citibank.com> Subject: =?iso-8859-1?B?R2V0ICQ1MCBmcm9tIENpdGliYW5r?= MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="ABCD-WBTH050DB229C28B81C2637EE53B30-EFGH" ISR-RBL: PASSED ISR-FST: PASSED ISR-Session: 3942049966547 ISR-Session: 3942049988357 X-OriginalArrivalTime: 04 Dec 2007 16:59:50.0801 (UTC) FILETIME=[15750010:01C83697] |
Samples of INVALID Citibank emails (headers and bodies)
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 08788E65-79FC-40AF-8AFB-C5BB0CFCEDBD; 12 Dec 07 08:32:32 -0500 Return-Path: <clientcare.ref53600976942.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2EF0D34; Wed, 12 Dec 2007 08:32:31 -0500 Received: from 62.57.144.53.static.user.ono.com at 62.57.144.53 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 29CC855C-F6B7-490F-AD1D-0323C9EC42C3; 06 Dec 07 12:04:51 -0500 Received: from gmx.net [54.194.239.39] by tgpservers.com with SMTP id NC24BSJNJD for <mike@iqonline.net>; Thu, 06 Dec 2007 11:04:54 -0600 From: "Citibank" <clientcare.ref53600976942.business@citibank.com> Subject: CitiBusiness customer service: urgent message! (message id: G7945541921809) X-Originating-IP: 72.90.108.54 User-Agent: Calypso Version 3.30.00.00 X-Mailer: Calypso Version 3.30.00.00 X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--NPNEE2YZCY87B7FJIG5EQ" ISR-FST: FAILED ISR-RBL: PASSED ISR-Session: 3942250332802 Message-Id: <20071212083211.SM08168@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:32 -0500 ISR-Session: 3942835593306 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0312 (UTC) FILETIME=[7370CA00:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=5490310550494923566358989376221478202587073417196642 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ........................................................... Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:39 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 64467B47-1819-49BF-9778-63D1B2D74929; 12 Dec 07 08:32:35 -0500 Return-Path: <custservice.refJD52590370WZ.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2EE1750; Wed, 12 Dec 2007 08:32:30 -0500 Received: from CBL217-132-210-219.bb.netvision.net.il at 217.132.210.219 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 6D410494-C150-4146-AB55-551BF25C08A0; 11 Dec 07 23:20:28 -0500 Received: from microfiche.altern.org (unknown [111.22.105.224]) by ignum.com with SMTP id XIH79QALPR for <mike@iqonline.net>; Tue, 11 Dec 2007 22:20:48 -0600 From: "Citibank" <custservice.refJD52590370WZ.business@citibank.com> Subject: CitiBusiness customer service: your account with us! (message id: gi8216856221266) X-OriginalArrivalTime: Tue, 11 Dec 2007 22:20:48 -0600 User-Agent: Calypso Version 3.20.01.01 (4) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--JTPU8KAZCMF4S4UYHV" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942797250384 Message-Id: <200712120832698.SM06452@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:35 -0500 ISR-Session: 3942835591805 |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=5861823764602653069605337203331920916070555516000440522 Thank you for banking with Citibank, the industry leader in safe and secure online banking. _________________________________________________ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 7AAEA1DB-DEC8-423F-86D6-D87095868B77; 12 Dec 07 08:32:32 -0500 Return-Path: <clientservice.refN126143353Q.business@citi.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2EF4294; Wed, 12 Dec 2007 08:32:31 -0500 Received: from 160-178.62-81.cust.bluewin.ch at 81.62.178.160 by mta1.qostar.com at 63.168.176.130 ISR MTA ID BB7FD9DD-1DF8-40D0-A630-51E225A0C6E7; 09 Dec 07 23:29:02 -0500 Received: from crouch.name.com (helo geocities.com.correo1.com [84.239.100.152]) by bradfitz.com with SMTP id 2DHTXY657G for <noc@iqonline.net>; Sun, 09 Dec 2007 22:29:20 -0600 Received: from malaysia.net (unknown [50.174.168.208]) by plavnik.com with SMTP id 5G8H94I5GD for <noc@iqonline.net>; Mon, 10 Dec 2007 01:23:20 -0300 From: "Citibank" <clientservice.refN126143353Q.business@citi.com> Subject: CitiBusiness customer service: confirm your account details! (message id: v5374895136100) X-Message-Id: <881302of66vo20ps$3nm6c1z46$0fur1g@runt.host-offshore.com (EHLO p4host.com.absolutist.com [12.209.179.158])> User-Agent: MIME-tools 4.104 (Entity 4.116) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--8FRZI.UWDMXOAU3LL5" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942597848721 Message-Id: <200712120832354.SM01844@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:32 -0500 ISR-Session: 3942835592564 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0156 (UTC) FILETIME=[7358FC40:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=3612468992367488342166730445146602095111022498 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ---------------------------------------------------------- Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 9C52E806-69D9-45FE-B06C-D8B28DD64D1D; 12 Dec 07 08:32:33 -0500 Return-Path: <service.refr05897973846wb.business@citi.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2F00808; Wed, 12 Dec 2007 08:32:32 -0500 Received: from 84.94.136.174.cable.012.net.il at 84.94.136.174 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 85E0DE18-B140-48B6-8E07-458013FA02C1; 06 Dec 07 02:25:22 -0500 Received: from digitalua.com (EHLO interptr.com.kazlink.com [24.213.98.64]) by cenara.com with SMTP id 2WOGRNY4NV for <mike@iqonline.net>; Thu, 06 Dec 2007 01:25:41 -0600 Received: from exultation.allsaintsfan.com (gerund.allsaintsfan.com [116.212.252.90]) by sbcidc.com with SMTP id RF2XEDD7HR for <mike@iqonline.net>; Thu, 06 Dec 2007 05:24:41 -0200 From: "Citibank" <service.refr05897973846wb.business@citi.com> Subject: CitiBusiness customer service: important notification! (message id: z4208084kk) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Mailer: Calypso Version 3.20.01.01 (4) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--1PP_ZEXQ.R1LAJ6" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942210091024 Message-Id: <200712120832448.SM09292@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:33 -0500 ISR-Session: 3942835593793 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0422 (UTC) FILETIME=[738192E0:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=164575204724966610679934622476798722760939915002727008019 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ________________________________________________________________________ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 430C8925-BAE5-4F51-85A8-EB23A948984B; 12 Dec 07 08:32:33 -0500 Return-Path: <custservice.refZQ4106341A.business@citi.com> Received: from SMTP32-FWD by qostar.net (SMTP32) id AE2EF01410000ADCD; Wed, 12 Dec 2007 08:32:32 -0500 Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2EF3B58; Wed, 12 Dec 2007 08:32:31 -0500 Received: from cc627692-b.ws1.gr.home.nl at 217.120.72.52 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 0766BD50-473E-44AA-B061-A6CFA1675E3A; 07 Dec 07 17:50:40 -0500 Received: from goren.gmail.com (EHLO rebellion.3dfreestats.com [56.144.111.128]) by diznoya.com with SMTP id T0V8UPBIM9 for <smw@qostar.net>; Fri, 07 Dec 2007 16:50:47 -0600 Received: from 168city.com (unknown [74.102.94.7]) by winner01.com with SMTP id L86PF9BH3J for <smw@qostar.net>; Fri, 07 Dec 2007 15:44:47 -0700 From: "CitiBusiness" <custservice.refZQ4106341A.business@citi.com> Subject: important notice! Importance: Normal User-Agent: Calypso Version 3.20.01.01 (4) X-Mailer: Calypso Version 3.20.01.01 (4) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--RJIWEFR62KTES5I0TBU2" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942374350319 Message-Id: <200712120832901.SM08168@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:33 -0500 ISR-Session: 3942835593776 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0422 (UTC) FILETIME=[738192E0:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=401683087258108388374496846589686352019820692733176082408 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ________________________________ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 2010B12F-0649-49B3-8FA8-FD1FCAF96052; 12 Dec 07 08:32:33 -0500 Return-Path: <clientservice.refam61217671637e.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2F01028; Wed, 12 Dec 2007 08:32:32 -0500 Received: from host16-247-dynamic.211-62-r.retail.telecomitalia.it at 62.211.247.16 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 94C1487A-BF14-43AC-AE5E-94438FAA5EF1; 05 Dec 07 10:52:16 -0500 Received: from abolish.odinplus.com (unknown [30.100.204.199]) by korea-dpr.com with SMTP id QU227YMUHK for <mike@iqonline.net>; Wed, 05 Dec 2007 09:52:30 -0600 Received: from comet.gmx.net (gmx.net.odinplus.com [136.241.223.172]) by newgenhost.com with SMTP id 3S7Z3S3HUP for <mike@iqonline.net>; Wed, 05 Dec 2007 20:50:30 +0500 From: "CitiBusiness" <clientservice.refam61217671637e.business@citibank.com> Subject: CitiBusiness: important account notice! (message id: j49687502166q) X-Message-ID: <56866iep85u4xa$5mt3n3o82$0sv0nf@satan.lucasforums.com (eurobachennya.com.jazzvisp.com [108.43.60.164])> X-Mailer: Calypso Version 3.20.01.01 (4) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--M89VT1IFX3YUHY19D" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942145294302 Message-Id: <200712120832886.SM09132@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:33 -0500 ISR-Session: 3942835594300 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0687 (UTC) FILETIME=[73AA0270:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=8856635528021361525772429166824563933027255221851729149903647 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ************************************************************ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 29152EFB-4197-4925-BD3A-719BB76B407B; 12 Dec 07 08:32:33 -0500 Return-Path: <customerservice.refE0278280V.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2F042AC; Wed, 12 Dec 2007 08:32:32 -0500 Received: from 84.94.206.10.cable.012.net.il at 84.94.206.10 by mta1.qostar.com at 63.168.176.130 ISR MTA ID C0DFF3C4-FB44-4767-8D54-A58E5C3A1446; 05 Dec 07 05:20:14 -0500 Received: from renown.adobe.com (calhoun.mojohost.com [24.192.151.191]) by ihost.com with SMTP id 18PA018L69 for <mike@iqonline.net>; Wed, 05 Dec 2007 04:20:18 -0600 Received: from punkass.com (helo punkass.com.dateadvices.com [78.192.82.189]) by joker.com with SMTP id X1J167ATO1 for <mike@iqonline.net>; Wed, 05 Dec 2007 06:11:18 -0400 From: "CitiBusiness" <customerservice.refE0278280V.business@citibank.com> Status: 7 (Normal) Subject: Confirm Your Online Banking Records! (mess_id: s600471157) User-Agent: SmartMailer Version 1.56 -German Privat License- X-Mailer: SmartMailer Version 1.56 -German Privat License- X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--Q5.6EQWK_5DYA82RANYBA" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942122234247 Message-Id: <200712120832995.SM06616@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:33 -0500 ISR-Session: 3942835594427 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0906 (UTC) FILETIME=[73CB6D20:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=76149288962520543313838910781063564458349454183192475859909097 Thank you for banking with Citibank, the industry leader in safe and secure online banking. --------------------------------------------------------------------------- Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 08:32:33 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 893E1114-2EA4-462E-8827-ACB7C2099B1E; 12 Dec 07 08:32:31 -0500 Return-Path: <clientdepmnt.refFO1782267327DS.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A2EE3A4C; Wed, 12 Dec 2007 08:32:30 -0500 Received: from eu83-213-104-217.clientes.euskaltel.es at 83.213.104.217 by mta1.qostar.com at 63.168.176.130 ISR MTA ID BF8D4B32-A219-4E79-A386-5D366792BC24; 10 Dec 07 22:37:56 -0500 Received: from bmla.com (helo sidesaddle.bmla.com [18.198.45.234]) by yamx.com with SMTP id 6OY3OPMBDP for <noc@iqonline.net>; Mon, 10 Dec 2007 21:38:03 -0600 From: "CitiBusiness" <clientdepmnt.refFO1782267327DS.business@citibank.com> Subject: Important Information! (message id: 8695966) X-Accept-Language: en-us, en User-Agent: MIME-tools 5.503 (Entity 5.501) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--GXBG1B.LFD2EXOCE9E.T6" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942694299680 Message-Id: <200712120832698.SM06140@mta1.qostar.com> Date: Wed, 12 Dec 2007 08:32:31 -0500 ISR-Session: 3942835591805 X-OriginalArrivalTime: 12 Dec 2007 13:32:33.0125 (UTC) FILETIME=[73544150:01C83CC3] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=869070441065869818152439347513126162581457179470 Thank you for banking with Citibank, the industry leader in safe and secure online banking. --------------------------------------------------------------- Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:49:18 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 4315FB45-1273-4492-B70E-AB24E2C0E40E; 12 Dec 07 19:49:18 -0500 Return-Path: <service.ref0009939.business@citi.com> Received: from SMTP32-FWD by jaxcentral.com (SMTP32) id A818D013600003A96; Wed, 12 Dec 2007 19:49:17 -0500 Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A18D43C0; Wed, 12 Dec 2007 19:49:17 -0500 Received: from 84.94.64.189.cable.012.net.il at 84.94.64.189 by mta1.qostar.com at 63.168.176.130 ISR MTA ID A6B3E542-28C9-4611-9925-B769C87F4B10; 07 Dec 07 23:47:48 -0500 Received: from allsaintsfan.com [21.44.144.124] by altern.org with SMTP id HJUPGN7ZJF for <jax@jaxcentral.com>; Fri, 07 Dec 2007 22:47:52 -0600 From: "CitiBusiness" <service.ref0009939.business@citi.com> Subject: confirm your online account access! User-Agent: Internet Mail Service (5.5.2650.21) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--2I18_Z3IWH.YY6WH1KF" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942399142415 Message-Id: <200712121949320.SM06452@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:49:18 -0500 ISR-Session: 3942882590849 X-OriginalArrivalTime: 13 Dec 2007 00:49:18.0976 (UTC) FILETIME=[FE4D6800:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=62760899485307128498720477744489730513119737429626477 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ........................................ Citibank Customer Service 0x19272686, 0x156, 0x8, 0x8, 0x73, 0x61287388, 0x445 source stack engine type 1M44 0x18196072, 0x97, 0x4, 0x8, 0x2849, 0x12, 0x692, 0x932, 0x4255, 0x62460694, 0x4808, 0x825 function: 0x4, 0x77, 0x408, 0x3, 0x01546008, 0x639, 0x6, 0x0, 0x5, 0x057, 0x98825860, 0x8, 0x84379033, 0x141, 0x7 stack: 0x39, 0x38275277, 0x778, 0x469, 0x31759951, 0x4165 0x6, 0x55084871, 0x9, 0x1, 0x09, 0x7, 0x30, 0x4, 0x4415, 0x120, 0x82, 0x77, 0x0781, 0x5703 0x73, 0x529, 0x4, 0x5, 0x22, 0x5, 0x5832, 0x25, 0x10125596, 0x4202, 0x00, 0x4, 0x552 0x761, 0x59, 0x02, 0x089, 0x5257, 0x206, 0x62000737, 0x15 type: 0x905, 0x346, 0x5, 0x669, 0x0 JBQ: 0x9, 0x1, 0x76410207, 0x2520, 0x2 0x85, 0x9, 0x4, 0x243, 0x07135293, 0x30, 0x89914664, 0x18, 0x24 interface: 0x6672 define D0XE end LMT 12R2: 0x11274257, 0x227 0x3638, 0x21, 0x4085 7Y6 IS0E EPTM KTK: 0x701, 0x834, 0x529, 0x9, 0x594, 0x5545, 0x5560, 0x7619, 0x3663, 0x6, 0x798, 0x99254584, 0x36033144 0x21, 0x049, 0x0, 0x4, 0x524, 0x4 I08O: 0x161, 0x9031, 0x61330161, 0x69, 0x7402, 0x49761588, 0x561 0x91645153, 0x6, 0x9, 0x4446, 0x0089 ANU: 0x52850955, 0x65, 0x9966, 0x6, 0x6028, 0x1, 0x756, 0x0, 0x677 engine: 0x45038544, 0x02765313, 0x545, 0x4216 0x1458 AK5, U44, stack, N5ON, NFS, OB7T, 14D3, stack. 0x57265163, 0x74255430, 0x9, 0x2262, 0x4072, 0x412, 0x570, 0x658, 0x6294, 0x17998911, 0x4 BDU: 0x494, 0x620, 0x46366504, 0x49308107, 0x2 0x76163697, 0x14, 0x72, 0x91, 0x207 MJPO, tmp FD3, KB5E. MPU: 0x3, 0x339, 0x41815654, 0x559, 0x5, 0x547, 0x416, 0x49986752, 0x258, 0x8134, 0x05, 0x1, 0x10707533, 0x2452 |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:49:18 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID E58AD9E9-8193-4012-BA4D-05591C1D9C0D; 12 Dec 07 19:49:18 -0500 Return-Path: <clientservice.refa59849227y.business@citibank.com> Received: from SMTP32-FWD by jaxcentral.com (SMTP32) id A818D014A00003A94; Wed, 12 Dec 2007 19:49:17 -0500 Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A18D4478; Wed, 12 Dec 2007 19:49:17 -0500 Received: from host71-152-dynamic.53-82-r.retail.telecomitalia.it at 82.53.152.71 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 60F2C16C-A4F5-4A72-9B9E-C6FE1364256B; 10 Dec 07 20:32:07 -0500 Received: from dirichlet.kellychen.com (unknown [30.52.52.184]) by australiamail.com with SMTP id RV4IIGMA2A for <jax@jaxcentral.com>; Mon, 10 Dec 2007 19:32:23 -0600 From: "CitiBusiness" <clientservice.refa59849227y.business@citibank.com> Subject: official information from CitiBusiness customer service! X-Authentication-Warning: SH49-slugging3.LZ97uwg.seamy.allstream.com (oldcatdns.com.kulichki.com [50.226.32.180]): z02bismuth set sender to clientdepmnt.ref8282652326525.business@citi.com using -u User-Agent: Mozilla 4.61 [en]C-CCK-MCD C-UDP; (Win98; I) X-Mailer: Mozilla 4.61 [en]C-CCK-MCD C-UDP; (Win98; I) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--A7QB.0XTYZ5JX3TEE9" ISR-RBL: PASSED ISR-FST: FAILED ISR-Session: 3942685561451 Message-Id: <200712121949101.SM07780@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:49:18 -0500 ISR-Session: 3942882590704 X-OriginalArrivalTime: 13 Dec 2007 00:49:18.0898 (UTC) FILETIME=[FE418120:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=316613041028027774300504036981016673052569739748681 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ******************************************************************** Citibank Customer Service 0x4, 0x014, 0x79 stack. 0x0386, 0x95869948, 0x213, 0x3, 0x74918364, 0x1, 0x0486, 0x26856856, 0x603, 0x78580297, 0x848, 0x33565248 0x31262792, 0x966, 0x31138915, 0x6, 0x1, 0x34, 0x56669133, 0x4743 E1OJ: 0x9589 function: 0x333, 0x542, 0x65, 0x16548679, 0x53, 0x3995, 0x66, 0x24, 0x18, 0x29866937, 0x4792, 0x0, 0x9644, 0x5, 0x66915399 B9W: 0x185, 0x80486866, 0x89331096, 0x50, 0x1932, 0x48286068, 0x3, 0x06, 0x07856027, 0x7071, 0x742, 0x02, 0x70687307 0x07042588, 0x48182434, 0x269, 0x18, 0x72, 0x0, 0x50311503, 0x46740302, 0x484, 0x536 0x2604, 0x78, 0x32, 0x9562, 0x11, 0x931, 0x78532602, 0x994, 0x2, 0x32, 0x28 0x38702536, 0x666, 0x4307, 0x1528, 0x14521012, 0x30496663, 0x7040, 0x76, 0x00627232, 0x0, 0x9868 FDR: 0x42 YZF: 0x507, 0x468, 0x185, 0x7096, 0x69, 0x2, 0x10218577, 0x93134563, 0x2, 0x102, 0x03504328 P1N. 0x66390272, 0x72, 0x725, 0x57127564, 0x1751, 0x2 5LDK: 0x25441085, 0x4392, 0x95, 0x892, 0x0, 0x10310744, 0x678, 0x8, 0x6 create, 26G, U4V, create, define. 40LS: 0x8, 0x2060, 0x1635 NLI: 0x94751890, 0x37207465, 0x999, 0x185, 0x52134916, 0x6133, 0x41387800, 0x454, 0x9711, 0x32583882, 0x1, 0x93584218, 0x836, 0x66 0x493, 0x550, 0x19, 0x4961, 0x249, 0x52017838, 0x52, 0x3519 stack: 0x880, 0x6, 0x3729, 0x8364, 0x50, 0x127, 0x95, 0x48178918, 0x3 cvs: 0x8707, 0x3, 0x3101 62I: 0x430, 0x15527201 0x2780 serv, GFR5, RRM, define, 9GW, revision. define: 0x3, 0x68, 0x1, 0x432, 0x34, 0x46472766, 0x44, 0x8126, 0x6603, 0x25, 0x149 define: 0x853, 0x2 A0BF: 0x260, 0x2, 0x9, 0x221, 0x07, 0x892, 0x6, 0x60, 0x4389, 0x40 R7JX, EH0 UQFN, SVSR ODMY: 0x90272273, 0x99938396, 0x660, 0x13084048, 0x647, 0x104, 0x7217, 0x71, 0x748, 0x231, 0x323, 0x4, 0x53, 0x238 |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:49:00 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 97737210-8B78-4FFE-8076-7FA46A7F06F0; 12 Dec 07 19:49:00 -0500 Return-Path: <service.ref61032665.business@citi.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A17B4498; Wed, 12 Dec 2007 19:48:59 -0500 Received: from 089159066086.chello.fr at 89.159.66.86 by mta1.qostar.com at 63.168.176.130 ISR MTA ID DED877C4-08E0-4B9A-9C91-EE6B5090A821; 10 Dec 07 13:33:31 -0500 Received: from sailorwhores.com (ehlo chink.realboys4u.com [40.32.144.212]) by envisionext.com with SMTP id V1U2JYJJI7 for <mike@iqonline.net>; Mon, 10 Dec 2007 12:33:47 -0600 Received: from distal.all.bg (ehlo eh.all.bg [55.48.192.210]) by verizon.com with SMTP id NN4A84AET1 for <mike@iqonline.net>; Mon, 10 Dec 2007 19:32:47 +0100 From: "Citibank" <service.ref61032665.business@citi.com> Subject: Important security notice! (mess_id: P85765379) X-Authentication-Warning: RH48-workday98.JBP263jgo.bogey.poiski.com (ehlo registan.com.espressotop50.com [43.63.203.205]): v713biotic set sender to clientdepmnt.refmd4388834032491.business@citibank.com using -b X-Mailer: MailGate v3.0 X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--4IYPDV9GQ11MHC_XKK4K1I1" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942656492986 Message-Id: <200712121948523.SM07944@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:49:00 -0500 ISR-Session: 3942882569672 X-OriginalArrivalTime: 13 Dec 2007 00:49:00.0945 (UTC) FILETIME=[F38E1810:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=365361329749231308920903349050973972707601015488540639285 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ------------------------------------------ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:48:40 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 55913F20-24AF-4FCE-BD42-5F843CB9E563; 12 Dec 07 19:48:39 -0500 Return-Path: <clientservice.ref86233340860806.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A1664328; Wed, 12 Dec 2007 19:48:38 -0500 Received: from 62.42.135.138.dyn.user.ono.com at 62.42.135.138 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 381508BC-C10B-4BEA-84FF-DAD22F2E1ED5; 12 Dec 07 04:33:52 -0500 Received: from corrodible.rupornosex.com (unknown [102.24.110.11]) by maxthon.com with SMTP id Z1UOWOSOY1 for <noc@iqonline.net>; Wed, 12 Dec 2007 03:34:00 -0600 Received: from arkansas.net (unknown [54.171.32.212]) by kasserver.com with SMTP id 409RB3ULP9 for <noc@iqonline.net>; Wed, 12 Dec 2007 15:29:00 +0600 From: "Citibank" <clientservice.ref86233340860806.business@citibank.com> Subject: CitiBusiness customer service: urgent security notification for clients! (mess_id: i5540084za) X-Authentication-Warning: FS60-calcutta1.MX818prnp.kinki-kids.com (figaro.x-provider.com [120.2.168.163]): ff94deem set sender to cservice.refG0239622054W.business@citibank.com using -u X-Mailer: Mutt/1.5.1i X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--UF12S4.P7UM1FQM6E" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942819017805 Message-Id: <200712121948866.SM07944@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:48:39 -0500 ISR-Session: 3942882545800 X-OriginalArrivalTime: 13 Dec 2007 00:48:40.0960 (UTC) FILETIME=[E7A4A000:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=2191727222535005570175134183792145617591051944475474885887846 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ***************************************************************** Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:48:40 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 5C6760CC-64AB-47BC-AE34-E0660AAF43A3; 12 Dec 07 19:48:39 -0500 Return-Path: <service.refJU7562861642.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A16642FC; Wed, 12 Dec 2007 19:48:38 -0500 Received: from r190-64-1-25.dialup.adsl.anteldata.net.uy at 190.64.1.25 by mta1.qostar.com at 63.168.176.130 ISR MTA ID EB582B9E-7514-43E3-88E8-41F6A55EB3F8; 12 Dec 07 17:27:32 -0500 Received: from [134.52.248.17] (HELO altern.org) by tgpservers.com with SMTP id KV7PDE2F8R for <mike@iqonline.net>; Wed, 12 Dec 2007 16:27:34 -0600 From: "Citibank" <service.refJU7562861642.business@citibank.com> Subject: Important security notice! (message id: mx44048580kr) Sender: "Citibank" <customerservice.refNL4624544495330.business@citibank.com> User-Agent: Mozilla 4.61 [en]C-CCK-MCD C-UDP; (Win98; I) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--EGAZINLREBQZ._S00" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942872742515 Message-Id: <200712121948866.SM07900@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:48:39 -0500 ISR-Session: 3942882545800 X-OriginalArrivalTime: 13 Dec 2007 00:48:40.0929 (UTC) FILETIME=[E79FE510:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=508413395380429803695274259012996373600202663751134 Thank you for banking with Citibank, the industry leader in safe and secure online banking. --------------------------------------------------------- Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:48:40 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID F096BDEB-8ECE-4129-8A5B-AFE23763417D; 12 Dec 07 19:48:40 -0500 Return-Path: <custservice.refS904272162.business@citibank.com> Received: from SMTP32-FWD by qostar.net (SMTP32) id A8166012600003996; Wed, 12 Dec 2007 19:48:39 -0500 Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A16643F4; Wed, 12 Dec 2007 19:48:38 -0500 Received: from 63.168.176.130 at 58.74.38.148 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 8A0D49AF-D5E6-48C9-BE4D-C054394C567D; 12 Dec 07 11:04:50 -0500 Received: from mail.com [87.212.172.119] by astrons.com with SMTP id KRTUG07XY5 for <smw@qostar.net>; Wed, 12 Dec 2007 10:05:10 -0600 From: "Citibank" <custservice.refS904272162.business@citibank.com> Subject: notice: confirm your online banking records! (mess_id: 88145448) In-Reply-To: "Citibank" <clientservice.refLH6178068414BL.business@citi.com> User-Agent: Microsoft Internet Mail 4.70.1155 X-Mailer: Microsoft Internet Mail 4.70.1155 X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--AJA0LR9LUGNOLD28F8HFH4" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942846167429 Message-Id: <200712121948757.SM03124@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:48:39 -0500 ISR-Session: 3942882546234 X-OriginalArrivalTime: 13 Dec 2007 00:48:40.0976 (UTC) FILETIME=[E7A71100:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=4008749105180870840608803982774067777349477399561 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ____________________________________________________________________ Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:48:40 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 0CD404A4-AF6C-46E8-AC89-1A596BC0FEE7; 12 Dec 07 19:48:39 -0500 Return-Path: <clientdepmnt.refO05478314891.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A16644F8; Wed, 12 Dec 2007 19:48:38 -0500 Received: from 63.168.176.130 at 61.98.129.62 by mta1.qostar.com at 63.168.176.130 ISR MTA ID 3C84ACC1-B5FA-4EE8-AD43-52A4ADC58CFD; 11 Dec 07 14:31:32 -0500 Received: from bangor.kellychen.com (helo inflammatory.kellychen.com [75.36.4.117]) by ledzeppelin.com with SMTP id ONB64TALIB for <mike@iqonline.net>; Tue, 11 Dec 2007 13:31:41 -0600 Organization: CitiBusiness cservice.refQ1121581448QU.business@citi.com From: "CitiBusiness" <clientdepmnt.refO05478314891.business@citibank.com> Subject: CitiBusiness: Please Confirm Your Details! (message id: hr1177547264204) Organization: CitiBusiness cservice.refQ1121581448QU.business@citi.com User-Agent: Microsoft Internet Mail 4.70.1155 X-Mailer: Microsoft Internet Mail 4.70.1155 X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--COLJPFU6TBMJ61R3" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942760518314 Message-Id: <200712121948866.SM09132@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:48:39 -0500 ISR-Session: 3942882545891 X-OriginalArrivalTime: 13 Dec 2007 00:48:40.0992 (UTC) FILETIME=[E7A98200:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=7078364409891493635652653250020316181743639408753010156 Thank you for banking with Citibank, the industry leader in safe and secure online banking. ----------------------------------- Citibank Customer Service |
| Header: | Microsoft Mail Internet Headers Version 2.0 Received: from mta1.qostar.com ([172.16.0.102]) by exchange.qostar.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 19:48:40 -0500 Received: from mail.qostar.com at 172.16.0.67 by mta1.qostar.com at 63.168.176.130 ISR MTA ID E3F0BB2F-3AAB-489A-9783-1AC11BF4EC60; 12 Dec 07 19:48:39 -0500 Return-Path: <clientservice.refpg3610889u.business@citibank.com> Received: from mta1.qostar.com [172.16.0.102] by mail.qostar.com (SMTPD-9.03) id A1664478; Wed, 12 Dec 2007 19:48:38 -0500 Received: from 63.168.176.130 at 221.142.104.57 by mta1.qostar.com at 63.168.176.130 ISR MTA ID C8E9326D-E47A-4639-9B65-8B099B630EE5; 12 Dec 07 12:03:50 -0500 Received: from regiomontano.com (unknown [96.214.147.66]) by rushops.com with SMTP id KOPI3UKY0O for <mike@iqonline.net>; Wed, 12 Dec 2007 11:03:56 -0600 Received: from [28.192.74.173] (HELO sesmail.com) by zipolite.com with SMTP id 4HHK724F75 for <mike@iqonline.net>; Wed, 12 Dec 2007 14:54:56 -0200 From: "CitiBusiness" <clientservice.refpg3610889u.business@citibank.com> Subject: Instructions For Customer! (message id: MY15942840) X-Message-ID: <3910703559878093.2983356.service.refq58297615261gg.business@citibank.com> User-Agent: MailGate v3.0 X-Mailer: MailGate v3.0 X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0SIN2SYUP1UZHA" ISR-RBL: FAILED (cbl.abuseat.org=127.0.0.2=127.0.0.2 matched 127.0.0.2) ISR-FST: FAILED ISR-Session: 3942850264461 Message-Id: <200712121948647.SM06912@mta1.qostar.com> Date: Wed, 12 Dec 2007 19:48:39 -0500 ISR-Session: 3942882545511 X-OriginalArrivalTime: 13 Dec 2007 00:48:40.0898 (UTC) FILETIME=[E79B2A20:01C83D21] |
| Message: | Dear valued customer, We regularly perform scheduled maintenance for our CitiBusiness Online customers. We intend upgrading our Digital Banking security server for better online services. In order to ensure you do not experience service interruption, you are required to complete our CitiBusiness Online Form by following the secured hyperlink below: http://citibusinessonline.da-us.citibank.com/cbusol/form.do?session=23068515511576234252705704380691323558213709556510 Thank you for banking with Citibank, the industry leader in safe and secure online banking. _____________________________ Citibank Customer Service |