The fraudulent email appears to be from a legitimate bank and is intended to collect sensitive personal and financial information.


How to identify a fraudulent email?
- As a provider of online banking services, Citigroup does frequently communicate with its clients via email. The majority of these communications are to provide you with information and updates about our services
- If we request information from you, we'll always direct you back to a Citibank site using links. These are for your convenience - you can also reach our site (www.citibank.com/india) using your bookmarks. You can add any of the Citibank URLs to your list of favourites or bookmark them
- If you use a link in an email from us, you can make sure that you are on a Citibank page by comparing it against the known URL you use to access your online banking application

What Citibank will do?
- Citibank will ask you to enter your Citibank User ID and IPIN only when you sign on to Citibank Online (www.citibank.com/india, www.online.citibank.co.in)
- Citibank will send you emails with text links and banner links to information or promotions about Citibank products. Such promotions might invite customers to register their name and contact details (such as phone numbers or email address)
- Citibank will send you emails with text links and banner links for your convenience and you can always type in Citibank URLs directly into your Internet browser. (www.citibank.com/india, www.online.citibank.co.in)
- Citibank will ask you to fill any account details only on either www.citibank.com/india or www.online.citibank.co.in

What Citibank will not do?
- Citibank will never send you urgent or time-sensitive emails that ask you to provide, update or confirm sensitive data like your Citibank Card number, IPIN, APIN, TPIN or expiration date, etc.
- Citibank will never send you an email with any input fields asking for personal, account or other sensitive information

Do's
- All forms should be filled only on Citibank website starting with www.online.citibank.co.in, www.citibank.co.in and www.asia.citi.com
- Make sure that the URL provided in the email leads to a valid website. All genuine Citibank URLs will begin with www.online.citibank.co.in, www.citibank.co.in and www.asia.citi.com
- Open emails only when you know the sender. Be especially careful about opening an email with an attachment. Even a friend may accidentally send an email with a virus
- Check the sender email address to verify that it is from a valid email account
- Type the entire Citibank website address on your browser to sign on to Citibank Online (Internet Banking) page
- Keep your operating system and browser up-to-date. Software updates often include security enhancements that you can usually download free from the particular software provider
- Leave suspicious sites
- Be alert to scam emails
- Be careful before clicking on a link contained in an email or other message
- Make sure your home computer has the most current anti-virus software. Install a personal firewall to help prevent unauthorized access to your home computer
- Monitor your transactions
- Act quickly if you suspect fraud. Please contact us immediately at 24x7 CitiPhone

Don'ts

Phony websites are fraudulent websites created to look identical to those of a legitimate bank or trusted company. Also known as 'spoofed websites', they use an organization's website graphics and logos, but are actually set up in an attempt to steal sensitive personal and financial information. Once you're at one of these spoofed sites, you might unwittingly enter personal information that will be transmitted directly to the person who created the site, who then might use this information to purchase goods, apply for a new credit card, or even steal your identity.

- Phony websites will not contain the padlock sign on right hand side of the URL
- Phony websites will not begin with HTTPS in the URL bar
- They appear to be the official site of a well-known and respected institution
- They have the names of real people
- They have the right logos and branding
- They use links to pages on the real website and have official-looking fine print
- They use genuine pages copied to a new fake address
- They lure customers through "spam" email
- Fake security and maintenance upgrades
- "Your account has been randomly selected for maintenance and placed on 'Limited Access' status, please enter your account details to re-activate your service"
- "Please provide your account details to re-activate your account following the introduction of a new security system which will help you avoid fraudulent transactions and keep your investment safe"
- False bills and charges
- "Your domain name registration is due for renewal; please enter the following information exactly as it appears on your credit card statement. This will be compared to the information your bank has on file for your Card to verify your payment"
- "You have won a free gift (or prize), simply complete your credit card details for postage and handling costs and we'll send it out to you"
- Avoid clicking on links provided in a suspicious looking email
- Save or "bookmark" frequently visited and trusted websites to your list of favourites, then access those sites through your saved links
- Inspect a URL carefully for the presence of an "@" symbol, for example billing@citibank.com. This is a common sign of fraudulent websites. Even if the URL contains the phrase "Citibank" it does not ensure that it is Citibank's website
- Be very suspicious of websites that display an IP Address, or numerical address (e.g., http://192.134.2.1), in your web browser's address bar instead of a domain name (e.g., www.citibank.com/india)
- Safely access your accounts online by opening up a new web browser each time
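
The URL checks in the list above (an "@" symbol, a numerical address, HTTPS, and the genuine Citibank hosts named on this page), written as a small link inspector. This is an added example, not Citibank's code; `inspectLink` and `TRUSTED_HOSTS` are hypothetical names, and it assumes trust is decided on the exact host only.

```javascript
// Hosts the page names as genuine Citibank sites (taken from the page text).
const TRUSTED_HOSTS = new Set([
  "www.citibank.com",
  "www.online.citibank.co.in",
  "www.citibank.co.in",
  "www.asia.citi.com",
]);

// Returns { host, trusted, warnings } for a link copied out of an email.
function inspectLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: the same rules a browser applies
  } catch {
    return { host: null, trusted: false, warnings: ["not a valid absolute URL"] };
  }
  const warnings = [];
  const host = url.hostname.toLowerCase();

  // Text before "@" is login data, not the site: the browser connects to what follows it.
  if (url.username || url.password) {
    warnings.push(`"@" in URL: real destination is ${host}`);
  }
  // Numerical address instead of a domain name (IPv4, or IPv6 in brackets).
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    warnings.push("host is an IP address");
  }
  if (url.protocol !== "https:") {
    warnings.push("not HTTPS");
  }
  // Exact host match: "citibank" appearing somewhere in the URL proves nothing.
  if (!TRUSTED_HOSTS.has(host)) {
    warnings.push("host is not on the trusted list");
  }
  return { host, trusted: warnings.length === 0, warnings };
}

// Constructed sample links for illustration (not observed phishing URLs).
const samples = [
  "https://www.online.citibank.co.in/",
  "http://www.citibank.com@192.134.2.1/signon",
  "https://www.citibank.co.in.account-update.example/login",
  "http://192.134.2.1/",
];
for (const s of samples) console.log(s, "->", inspectLink(s));
```

The third sample shows why the comparison is on the whole host: the URL starts with a genuine-looking name, but the site actually contacted is the domain at the end of the host.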

'Phishing' masks an identity on the web. Victims are encouraged to visit phony websites that resemble those of legitimate organizations, often through a fraudulent email. Lured to a phishing site, users are asked to enter sensitive information, such as a PIN, password or bank account number. Once the fraudsters have your information, they can cause severe damage to your finances.

Phishing works by a malicious user sending millions of bogus emails that appear to come from popular websites or from sites that you trust, like your bank or a credit card company. The emails, and the website links they often contain, look official enough to deceive many people into believing that they're legitimate.

- Never respond to requests for personal information via email. If in doubt, call the institution that claims to have sent you the email
- Visit websites by typing the URL into your address bar
- Check to make sure the website is using encryption
- Routinely review your credit card and bank statements
- Report suspected abuses of your personal information to the proper authorities

Vishing is a new trend in online fraud. The name is a combination of the words 'voice' and 'phishing'. While phishing involves the use of emails to trick you into providing your personal details, vishing uses voice or telephone services. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to a vishing scam.

A typical vishing call involves a scammer, posing as an employee from your bank or another organization, claiming to need your personal details. They could give you many different reasons why they need this information from you.

Even if you use your telephone keypad or keyboard to type in your details, if you are on the line, the scammer can record them.

- Do not comply
- Do not use a contact number provided by the caller
- Call the institution directly to check the legitimacy of the request

Citi India has a presence in several social networking sites that help us keep in touch with our customers and clients, including the following:
- Facebook - Visit us on Facebook and join the conversation at www.facebook.com/citiindia
- LinkedIn - The Citi India LinkedIn page showcases our employee network, current careers, products and services

With more and more people joining social networks, there has been increased danger of social engineering, a form of identity theft where thieves gather personal information from available sections of social networking sites. By taking the following precautions, you can guard against social networking fraud.
- Before joining a social networking site or community, research it online to make sure it's legitimate
- Do not use the same username and password to log into social networking sites that you use to access your Citi accounts
- Never share personal information such as: User IDs, PINs and account numbers on social media sites
- Create a screen name that doesn't reveal too much about you
- Be careful when clicking links. Even if the message appears to come from a friend, contact the sender directly to make sure it's authentic
- Post only information you are comfortable with others seeing, and regard information posted on social media sites as public and permanent
- Use privacy settings to limit access to your information
- Never include any information that can help thieves steal your identity, such as your address, phone number or even employment information
- Citi will never ask you to include your account number or other account access information on Social Media sites
- Citi will never send you a LinkedIn or Facebook message asking for account information
