Citibank: Emailing Sensitive Private Credit Card Information to a Spamtrap
First Chase Bank sent marketing emails that contained personal names and credit card information to spamtraps. Now Citibank is doing the same thing. Today Citibank sent a bulk marketing email to an email address that, if it ever existed at all, has been closed since 2007. The email contained a name and the last four digits of a credit card number. Either Citibank is deliberately including made-up “customer” information to make bulk marketing email look more legitimate (which I doubt), or Citibank has badly mismanaged its customer list *AND* (worse) is including sensitive personal information in marketing emails that are going to unconfirmed and incorrect email addresses. The ESP is Epsilon Interactive via its ESP Bigfoot Interactive.
Received: from bigfootinteractive.com (arm184.bigfootinteractive.com [22.214.171.124]) by <xxx> (Postfix) with ESMTP id <xxx> for <xxx>; Mon, 21 Nov 2011 12:xx:xx -0600 (CST) DKIM-Signature: <xxx> DomainKey-Signature: <xxx> Received: from [192.168.xx.xx] ([192.168.xx.xx:xx] helo=<xxx>) by <xxx>.epsiloninteractive.com (envelope-from <<xxx>@info.citibank.com>) (ecelerity 126.96.36.199 r(<xxx>)) with ESMTP id <xxx>; Mon, 21 Nov 2011 13:xx:xx -0500 Reply-To: =?iso-8859-1?B?<xxx>=?= <1<xxx>@info.citibank.com> Bounces_to: citicards.<xxx>@info.citibank.com Message-ID: <<xxx>@info.citibank.com> X-SS: <xxx> X-BFI: <xxx> Date: Mon, 21 Nov 2011 13:xx:xx EST From: =?iso-8859-1?B?<xxx>==?= <email@example.com> Subject: Up to $250 back on purchases - a benefit of your Citi Card To: <xxx> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="<xxx>"
From: <xxx> <firstname.lastname@example.org>
Subject: Up to $250 back on purchases – a benefit of your Citi Card
Reply-To: <xxx> <1<xxx>@info.citibank.com>
Add email@example.com to your address book to ensure delivery.
Account Ending In: <xxx>
Member Since: <xxx>
Please visit the following link to view your message:
This is a message from Citi Cards. If you’d like to refine the types of email messages you receive, or if you’d prefer to stop receiving email from us, please go to:
Citibank manages email preferences by line of business. Changing your email preferences with Citi Cards does not change your email preferences for messages from Citibank’s other businesses which include retail
branch banking among others.
Should you want to contact us in writing concerning this email, please direct your correspondence to:
Citibank, N.A. Customer Service
P.O. Box 6500
Sioux Falls, SD 57117