A friend of mine recently received in the mail a letter purporting to be from Citibank. It contained a sheet of paper saying: “Please see the enclosed for information regarding your Citi Mastercard Customer Credit Card account ending in [last four digits] issued by Citibank USA, N.A.” Inside the letter were two little brochures – a notice of change to Citibank’s policies; and a complete privacy policy with an opt out form at the end.
She went to Citibank’s website and downloaded their privacy policy and noticed some suspicious differences between the opt out form in the letter [on the left] and the one from Citibank’s website [on the right].
Two notable differences are: (1) the form from Citibank’s website has a toll free phone number you can call to opt out; the form in the letter does not; (2) the addresses of the processing centers where the opt out forms are to be sent are different.
So my friend then called Citibank to find out what was going on. Had a fraudster acquired a card in her name? Was the letter an elaborate fishing scheme?
My friend recounted the conversation the best she could so I could recreate it on this blog. This is reconstructed from her memory, so it’s not exact. Although the transcript below doesn’t contain the precise words spoken, it hopefully will capture the gist of the conversation.
Click on the continuation to read more.
