Citizens Bank (RI based) Northeast offices

Status
Not open for further replies.
Joined
Jul 26, 2004
Messages
14,110
Location
New Bri-en, CT
So I get an email @ my home account indicating a new account has been set up and I need to log in.

Quote:

An account has been created for you with the following details. You will be required to change your password on next login.

UserID:
Password:

For any issues, please contact [admin email or phone]

Use of email is inherently insecure. Confidential information, including account information, and personally identifiable information, should not be transmitted via email, or email attachment.The information in this email may contain confidential and/or privileged information and is intended only for the use of the individual/entity named above. Any disclosure, copying, distribution or use of this information is strictly prohibited. If you have received this communication in error, please notify the sender immediately and destroy any record of this email.

Citizens Bank, N.A. is an affiliate of Citizens Financial Group, Inc.


So immediately I am suspicious, but I notice there is no link supplied to click. I also notice that the username is my exact username with another English word appended to the end. FYI, my username is an extremely obfuscated string of semi-mnemonic words

I call fraud prevention and they tell me to ignore it that it is a fraud attempt and I indicated I'm curious how my username is there. She says everyone is calling in with that and I can change my username if I want from the website.

Late to work, I head out and working in IT, I'm thinking, there is no way this is possible without a leak of info from the bank.

I get home and look @ the source info from the email (not having deleted it as instructed) and the IP of the email is owned by the bank. I also see
Quote:

Received-SPF: pass (domain of citizensbank.com designates 12.154.167.142 as permitted sender)

in the tracking info.

So what gives. I'm not sure if I got more unnerved by getting such an email or unnerved that my bank has given me a 'story'. I don't blame the HD person, she is just reporting what she is told.

I think I'm taking this up with the bank, not appreciating what appears to be a problem not correctly identified.

As mentioned I work in IT so I am well aware of how 'problems can be identified' to others as to mask some misdeeds. (not coming out with cannons blazing) Perhaps higher ups don't really have the true story of what the issue was. I'd like to know

Just an FYI and rant for those who might have gotten the same email.

-T
 
If the URL or email source IP seems correct, then try approaching the back (better yet: their branch manager or supervisor) with the email print and ask them for clarification, either in a formalised reply or so (so that you can have an official copy on-hand in case you need to pursue this matter from a liability perspective later on).

Do not attempt to feed any of your personal vital information to that email (reply) at this stage, but to stave it off for a few more days.

Sometimes, some of these email may have been originated from compromised corporate email servers, and yet they do not know/aware of it.

Q.
 
Called the fraud prevention H.L. this evening and the woman who I talked to indicated it was an internal mistake on their part and she was super nice and apologized. I indicated what I had been told in the morning and she wasn't sure why I had been told that other than it was very early in the morning and she had been briefed right away about the issue when she had arrived @ work; Perhaps the night shift didn't get word since I called < 3 hours from receiving the email.

Feeling much better about the outcome.

Thanks for pointing out that it might have been a compromised server as I really hadn't thought of it that way.

Already logged in and changed my username and pw anyway.

Citizens uses multifactor login which is good. Several other non recorded pieces of info are needed to access the account.
 
Originally Posted By: LT4 Vette
Go to bank in person and get to the bottom of this ASAP.


Agree, print out everything you have, and take it to the manager at a physical bank branch. That will be the quickest way to get them to actually look into this.
 
Status
Not open for further replies.
Back
Top