This week's scam is featured because it is done so well. Unlike many others, it does not offer misspelled words and bizarre grammar. Nor does it take an ominous or hysterical tone, although it does suggest that "Ignoring this request for an extended period of time, may result in account limitations or in eventual account closure." (That comma doesn't belong there, but we've seen worse errors.)

Overall, it is so restrained, and even apologetic, that it does indeed read like a corporate communication. There are no sentences in ALL CAPS with lots of EXCLAMATION POINTS!!! It sounds like it really could, just maybe, be from Citibank. And the phishers did a very nice job of duplicating Citi's artwork.

That makes it pretty garbage, but it's still garbage.

This is what it says:

Notification E-mail

--------------------------------------------------------------------------------

Citibank Notification Email

Citibank is committed to maintaining a safe environment for its community of customers.

To protect the security of your account, Citibank employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Citibank system for unusual activity.

This is a fraud prevention measure meant to ensure that your account is not compromised.

In order to secure your account we may require some specific information from you. We encourage you to log in by clicking on the link below:

da-us.citibank.com/cgi-bin/citifi/portal

Ignoring this request for an extended period of time, may result in account limitations or in eventual account closure.

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.

We apologize for any inconvenience.

If you receive this e-mail, Citi wants to know about it, so forward it to emailspoof@citigroup.com. Then delete it.

Citi's Web site features a list of phishing attempts that have made the rounds going back to June 2005. But it stops at October 2006, and as its Web site says, "e-mail spoofs can continually evolve, and even slight variations -- like differences in the embedded links -- will aide our investigations."