Citibank has warned customers to immediately delete a scam e-mail asking them to provide their user names and the first four digits of their bank cards.
The e-mail, which appears to come from Citibank with the subject "Your Checking Account at Citibank", warns bank customers that their checking accounts could be blocked if they do not provide their user information.
Citibank is working with law enforcement officials to locate the source of the fraudulent e-mail. The bank has published a list of precautionary steps on its website to help customers avoid problems with unsolicited junk e-mail, and is urging customers who receive suspicious online mail to alert company officials.
This is the latest example of "phishing," or official-looking messages telling recipients that, for technical reasons, billing information and identity data, such as social security numbers, must be submitted for their accounts.
In July, the US government and ISP EarthLink warned of a surge in unsolicited e-mail and scam websites designed to steal the identity of internet users.
The ISP had seen a spike since the beginning of the year in e-mail linked to phisher scams, which use spam to lure victims to websites designed to look like legitimate retail or corporate sites.
In the same month, the US Federal Trade Commission (FTC) settled a civil action against a 17-year-old California boy accused of tricking internet users into giving him their credit card numbers and other personal information on a bogus website meant to look like America Online's billing centre.
The settlement, pending approval by a federal court in central California, will bar the defendant from sending spam and force him to give up about $3,500 (£2,200) in profits from his venture, which ran from July to December 2002, before the FBI confiscated his computer.
John Blau writes for IDG News Service