This is a common scam and is categorized as Phishing. Not only do these scammers use CITI Bank, they also use Paypal more frequently. They set up sites to look identical to the financial institution pages and even call the images in from the real site.

They even make the links appear to be to the financial institution within the email. However, when you view the source, you can actually see they are spoofing the email address with Java scripts so a different address appears in your status bar when you roll over the link. When you click these links, they even spoof your address bar.

The easiest way to determine if this is a real email at first glance is, who is the email addressed to? I know Paypal will send you an email using your real full name. Such as:
Dear John Jones,
Where these phishing scams will be addressed to:
Dear Customer,

If you think an email is "Phishy" (pardon the pun) simply type the real site into your browser and log into your account to see if you really need to update any information.

If you are technically advanced and know how to get the hosts address by using the ip numbers in the link when viewing the source code, shoot the hosting site an email notifying them of the scam that is being run from their servers.

Also, if this is a Paypal Phishing scam, forward the email to spoof@paypal.com and they will take action as well.

Just as a side note. I have the latest MacAfee virus scan and they quarantine these emails automatically.

This coming from a Yahoo employee? Who knows? Anything is possible. Everyone has a price! Would be real messed up though if it was.

Hope this helps!

Bill