Citibank Fraud A Nightmare For Managed IT Services Providers

We’ve seen them before and they come in all shapes and sizes – now scammers are impersonating Citibank customer emails to make it seem as if you’ve been locked out of your online banking account, prompting you to enter your login credentials.

The elaborate scam involves sending the victim a security code via SMS, mimicking the real process used by the bank for online transactions. Even if you think that the email has been sent in good faith (you think that you actually have been locked out), it is strongly advised NOT to open the emails. Instead, give customer support a call or visit your local branch to:

  1. Confirm that the email was in fact sent by Citibank
  2. Make the necessary amendments to your credential details at the branch/via telephone

Managed IT services providers see it time and time again: the emails are highly sophisticated and are a 99.99% copy of an original email, which, to the untrained eye, is good enough to gain trust. However, one of the few hints that the email is a scam is that, while the email purports to be sent from Citi Australia, the reply address is an unrelated domain that appears to have been compromised. While the landing page looks exactly like the real Citi Australia website, the URL reveals this is not the case. The scammers try to trick visitors into thinking it’s the real Citibank.com.au site by adding a subdomain with matching lettering. But the real website or domain in this particular scam is a compromised overseas-based site.
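The two hints described above can be checked mechanically. The following is an added example, not code from the original post or from Citi: the sample message, the `compromised-site.example` domain and the function names are constructed for illustration, and it assumes the forged From address uses the bank's own domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_DOMAIN = "citibank.com.au"  # domain named in the article

def host_is_brand(host, brand=BRAND_DOMAIN):
    """True only when host is the brand domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def addr_domain(header_value):
    """Domain part of an address header; empty string if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def text_parts(msg):
    """Yield the decoded text of every text/* part (handles multipart mail)."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            yield data.decode(part.get_content_charset() or "utf-8", "replace")

def check_message(raw, brand=BRAND_DOMAIN):
    """Return (kind, detail) findings for the two hints the article describes."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    # Hint 1: replies go to a domain unrelated to the claimed sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", reply_dom))
    # Hint 2: the brand domain appears in the hostname only as leading labels,
    # while the domain that actually owns the host is something else.
    for body in text_parts(msg):
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = (urlparse(url).hostname or "").lower()
            if brand in host and not host_is_brand(host, brand):
                findings.append(("lookalike-host", host))
    return findings

# Constructed sample message (not a real capture).
SAMPLE = (
    'From: "Citi Australia" <service@citibank.com.au>\n'
    "Reply-To: admin@compromised-site.example\n"
    "Subject: Your account has been locked\n"
    "\n"
    "Sign on: http://citibank.com.au.compromised-site.example/signon\n"
    "Help: https://www.citibank.com.au/help\n"
)

if __name__ == "__main__":
    for kind, detail in check_message(SAMPLE):
        print(kind, detail)
```

A hostname is read from right to left, so the genuine help link passes while the sign-on link is flagged even though it begins with the bank's domain.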


Citi’s website suggests forwarding any suspicious emails to spoof@citicorp.com. The bank also suggests ways customers can protect themselves:

  • Go directly there: The best way to get to any site is to type its address (URL) into your browser and then bookmark it.
  • Set up a login cookie: Some sites like Citibank.com let your computer remember your User ID. This way, when you return to the site from an email to sign on, your User ID will be visible in the sign-on box. A spoof, or fake, website will not be able to display your User ID. (Never use the Remember Me feature on a public or shared computer.)

These emails are extremely difficult to detect from a managed IT services point of view as the content and headers are almost an exact replica of an original. So vigilance and monitoring of anything out of the norm is key. If you feel you have been compromised by a similar email in the past, give us a call or email immediately and we will look into it for you.
